CVE-2024-8891 MEDIUM

CVE-2024-8891: Exposure of Private Personal Information to an Unauthorized Actor vulnerability on CIRCUTOR Q-SMT

Vendor Circutor
Product CIRCUTOR Q-SMT
Weakness CWE-359
Published September 18, 2024
Last update September 18, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.

Key dates

02Disclosure timeline

September 18, 2024 CVE published
September 18, 2024 Record updated