CVE-2024-8889
9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
Summary
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CIRCUTOR | CIRCUTOR TCP2RS+ | 1.3b | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.