CVE-2024-8890

Name of the Vulnerable Software and Affected Versions: CIRCUTOR Q-SMT version 1.0.4

Description: An attacker with access to the network where the CIRCUTOR Q-SMT is located could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol, preventing a secure communication channel from being established.

Recommendations: For version 1.0.4, consider disabling the use of the HTTP protocol until a patch is available, and restrict access to sensitive data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.