CVE-2024-8887

Name of the Vulnerable Software and Affected Versions: CIRCUTOR Q-SMT version 1.0.4

Description: The issue allows an attacker with access to the web service to bypass authentication mechanisms on the login page, enabling them to use all functionalities implemented at the web level that allow interacting with the device, potentially leading to a denial of service (DoS) attack.

Recommendations: For version 1.0.4, consider restricting access to the web service until a patch is available, and ensure that authentication mechanisms are properly secured to prevent bypassing. As a temporary workaround, limit the use of functionalities implemented at the web level to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.