CVE-2024-8891

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:circutor:q-smt_firmware:1.0.4:*:*:*:*:*:*:*
cpe:2.3:h:circutor:q-smt:-:*:*:*:*:*:*:*

History

26 Sep 2024, 18:50

Type Values Removed Values Added
CPE cpe:2.3:h:circutor:q-smt:-:*:*:*:*:*:*:*
cpe:2.3:o:circutor:q-smt_firmware:1.0.4:*:*:*:*:*:*:*
References () https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products - () https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products - Third Party Advisory
First Time Circutor q-smt
Circutor
Circutor q-smt Firmware
CWE NVD-CWE-noinfo

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Un atacante sin conocimiento de los usuarios actuales en la aplicación web, podría construir un diccionario de usuarios potenciales y comprobar las respuestas del servidor, ya que indica si el usuario está presente o no en CIRCUTOR Q-SMT en su versión de firmware 1.0.4.

18 Sep 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-18 14:15

Updated : 2024-09-26 18:50


NVD link : CVE-2024-8891

Mitre link : CVE-2024-8891

CVE.ORG link : CVE-2024-8891


JSON object : View

Products Affected

circutor

  • q-smt
  • q-smt_firmware
CWE
NVD-CWE-noinfo CWE-359

Exposure of Private Personal Information to an Unauthorized Actor