VYPR
Unrated severityNVD Advisory· Published Sep 18, 2024· Updated Sep 18, 2024

Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT

CVE-2024-8888

Description

An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Circl/Circutor Q Smtllm-fuzzy2 versions
    = 1.0.4+ 1 more
    • (no CPE)range: = 1.0.4
    • (no CPE)range: 1.0.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.