CVE-2024-8890

Summary

CVE-2024-8890 is a vulnerability affecting the CIRCUTOR Q-SMT firmware version 1.0.4, which utilizes only the HTTP protocol, allowing attackers on the same network to potentially steal user credentials or session information. The vulnerability is rated as high severity with a base score of 8.0, indicating significant risks to both confidentiality and integrity due to the lack of secure communication channels. Remediation efforts should focus on implementing secure communication protocols and updating device firmware to address this weakness. The potential danger posed includes unauthorized access to sensitive information and the possibility of further network exploitation. Attackers require no privileges but may need user interaction, making it crucial for organizations to educate users about safe practices within their networks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.