An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established.
Fixes

Solution

CIRCUTOR Q-SMT, in its firmware version 1.0.5, effectively solved the potential threat. CIRCUTOR made the new version available to its customers privately and strongly recommends them to keep their equipment updated.


Workaround

No workaround given by the vendor.

History

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0006}

epss

{'score': 0.00064}


Tue, 01 Oct 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Circutor
Circutor q-smt
Circutor q-smt Firmware
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:h:circutor:q-smt:-:*:*:*:*:*:*:*
cpe:2.3:o:circutor:q-smt_firmware:1.0.4:*:*:*:*:*:*:*
Vendors & Products Circutor
Circutor q-smt
Circutor q-smt Firmware

Wed, 18 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Sep 2024 13:15:00 +0000

Type Values Removed Values Added
Description An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established.
Title Insertion of Sensitive Information Into Sent Data vulnerability on CIRCUTOR Q-SMT
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 8, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: INCIBE

Published:

Updated: 2024-09-18T14:36:22.074Z

Reserved: 2024-09-16T10:20:31.758Z

Link: CVE-2024-8890

cve-icon Vulnrichment

Updated: 2024-09-18T14:36:18.428Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-18T13:15:03.620

Modified: 2024-10-01T15:46:33.750

Link: CVE-2024-8890

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.