CVE-2024-8892

Summary

CVE-2024-8892 is a vulnerability affecting the CIRCUTOR TCP2RS+ firmware version 1.3b, which allows unauthorized attackers to alter configuration settings without authentication by sending specially crafted UDP packets to port 2000. This vulnerability poses a medium severity risk due to its low attack complexity and the absence of required privileges or user interaction, potentially leading to device deconfiguration and disruption of service. Given that the affected product is at the end of its useful life cycle, organizations using this device should prioritize remediation. Recommendations for mitigation include disabling or removing vulnerable devices from the network and considering upgrades or replacements with supported products. The confidentiality impact is rated as low, while integrity and availability impacts are considered negligible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.