An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NCircutor Q Smt
HWCircutorwszystkie wersjeCircutor Q Smt Firmware
OSCircutor1.0.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2024-8887CRITICAL10.0PL ✓ten sam produkt
Pominięcie uwierzytelnienia w Circutor Q-SMT umożliwia atak DoS
CVE-2024-8888CRITICAL10.0PL ✓ten sam produkt
Brak wygasania tokenów sesji w Circutor Q-SMT Firmware 1.0.4
CVE-2024-8890HIGH8.0ten sam produkt
An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, coul...
CVE-2025-11778CRITICAL10.0PL ✓ten sam vendor
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 (TACACS+)
CVE-2025-11779CRITICAL9.4PL ✓ten sam vendor
Stack-based buffer overflow w Circutor SGE-PLC1000/SGE-PLC50 via SetLan