{
  "id": "CVE-2024-8887",
  "sourceIdentifier": "cve-coordination@incibe.es",
  "published": "2024-09-18T11:15:10.530",
  "lastModified": "2024-10-01T17:30:07.597",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web service bypasses the authentication mechanisms on the login page, allowing the attacker to use all the functionalities implemented at web level that allow interacting with the device."
    },
    {
      "lang": "es",
      "value": "CIRCUTOR Q-SMT en su versi\u00f3n de firmware 1.0.4, podr\u00eda verse afectado por un ataque de denegaci\u00f3n de servicio (DoS) si un atacante con acceso al servicio web evita los mecanismos de autenticaci\u00f3n en la p\u00e1gina de login, permitiendo al atacante utilizar todas las funcionalidades implementadas a nivel web que permiten interactuar con el dispositivo."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cve-coordination@incibe.es",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve-coordination@incibe.es",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-1284"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-1284"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:circutor:q-smt_firmware:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "292A461E-4540-40B6-9366-E78BA7EB5EB9"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:circutor:q-smt:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA81978-4905-41F2-869B-430A9AEC2EEC"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products",
      "source": "cve-coordination@incibe.es",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}