{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8887", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2024-09-16T10:20:28.952Z", "datePublished": "2024-09-18T11:05:31.015Z", "dateUpdated": "2024-09-18T13:26:55.753Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CIRCUTOR Q-SMT", "vendor": "CIRCUTOR", "versions": [{"status": "affected", "version": "1.0.4", "versionType": "firmware"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Aar\u00f3n Flecha"}, {"lang": "en", "type": "finder", "value": "Gabriel V\u00eda Echezarreta"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device."}], "value": "CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-09-18T11:05:31.015Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CIRCUTOR Q-SMT, in its firmware version 1.0.5, effectively solved the potential threat. CIRCUTOR made the new version available to its customers privately and strongly recommends them to keep their equipment updated."}], "value": "CIRCUTOR Q-SMT, in its firmware version 1.0.5, effectively solved the potential threat. CIRCUTOR made the new version available to its customers privately and strongly recommends them to keep their equipment updated."}], "source": {"discovery": "EXTERNAL"}, "title": "Authentication bypass vulnerability on CIRCUTOR Q-SMT", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "circutor", "product": "circutor_q_smt", "cpes": ["cpe:2.3:a:circutor:circutor_q_smt:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "1.0.4", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-18T13:24:41.180459Z", "id": "CVE-2024-8887", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T13:26:55.753Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8887", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-18T13:24:41.180459Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:circutor:circutor_q_smt:*:*:*:*:*:*:*:*"], "vendor": "circutor", "product": "circutor_q_smt", "versions": [{"status": "affected", "version": "1.0.4"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-18T13:26:47.790Z"}}], "cna": {"title": "Authentication bypass vulnerability on CIRCUTOR Q-SMT", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Aar\u00f3n Flecha"}, {"lang": "en", "type": "finder", "value": "Gabriel V\u00eda Echezarreta"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "CIRCUTOR", "product": "CIRCUTOR Q-SMT", "versions": [{"status": "affected", "version": "1.0.4", "versionType": "firmware"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "CIRCUTOR Q-SMT, in its firmware version 1.0.5, effectively solved the potential threat. CIRCUTOR made the new version available to its customers privately and strongly recommends them to keep their equipment updated.", "supportingMedia": [{"type": "text/html", "value": "CIRCUTOR Q-SMT, in its firmware version 1.0.5, effectively solved the potential threat. CIRCUTOR made the new version available to its customers privately and strongly recommends them to keep their equipment updated.", "base64": false}]}], "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.", "supportingMedia": [{"type": "text/html", "value": "CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-09-18T11:05:31.015Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8887", "state": "PUBLISHED", "dateUpdated": "2024-09-18T13:26:55.753Z", "dateReserved": "2024-09-16T10:20:28.952Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2024-09-18T11:05:31.015Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device."}], "id": "CVE-2024-8887", "lastModified": "2024-09-18T11:15:10.530", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2024-09-18T11:15:10.530", "references": [{"source": "cve-coordination@incibe.es", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1284"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}]}

{}