CVE-2024-8892

Name of the Vulnerable Software and Affected Versions: CIRCUTOR TCP2RS+ version 1.3b

Description: The issue allows an attacker to modify any configuration value without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This is possible even if the device has the user/password authentication option enabled. The equipment is at the end of its useful life cycle.

Recommendations: For version 1.3b, consider restricting access to port 2000 to minimize the risk of exploitation, and avoid using the UDP protocol for configuration changes until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.