CVE-2024-8892

Published Sep 18, 2024

Last updated a month ago

Overview

Description
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.
Source
cve-coordination@incibe.es
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.1
Impact score
5.2
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Severity
CRITICAL

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo
cve-coordination@incibe.es
CWE-400

Social media

Hype score
Not currently trending

Configurations