CVE-2024-8889

Name of the Vulnerable Software and Affected Versions: CIRCUTOR TCP2RS+ version 1.3b

Description: The issue allows an attacker to modify any configuration value without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use, even if the device has the user/password authentication option enabled. This equipment is at the end of its useful life cycle.

Recommendations: For version 1.3b, as a temporary workaround, consider restricting access to the UDP protocol and port 2000 until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.