PT-2024-39300 · Circutor · Circutor Q-Smt

Aarón Flecha +1 · Published 2024-09-18 · Updated 2024-10-01 · CVE-2024-8888

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CIRCUTOR Q-SMT version 1.0.4
Description: An attacker with access to the network where CIRCUTOR Q-SMT is located could steal the tokens used by the web application. Because these tokens have no expiration date, a stolen token gives access to the web application without restrictions. Tokens can be stolen by different methods, such as network captures, locally stored web information, etc.
Recommendations: For CIRCUTOR Q-SMT version 1.0.4, consider implementing token expiration to restrict access to the web application. As a temporary workaround, restrict access to the network where CIRCUTOR Q-SMT is located to minimize the risk of token theft. Additionally, monitor network activity and locally stored web information for potential security breaches. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Insufficient Session Expiration
Related Identifiers: CVE-2024-8888
Affected Products: Circutor Q-Smt