An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.
References
Configurations
No configuration.
History
18 Sep 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-18 14:15
Updated : 2024-09-18 14:15
NVD link : CVE-2024-8891
Mitre link : CVE-2024-8891
CVE.ORG link : CVE-2024-8891
JSON object : View
Products Affected
No product.
CWE
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor