CVE-2024-8888

10.0 CRITICAL

📋 TL;DR

An attacker on the same network as a vulnerable CIRCUTOR Q-SMT device can steal authentication tokens that never expire, allowing unrestricted access to the web application. This affects CIRCUTOR Q-SMT devices running firmware version 1.0.4. The vulnerability enables persistent unauthorized access once tokens are obtained.

💻 Affected Systems

Products:
  • CIRCUTOR Q-SMT
Versions: Firmware version 1.0.4
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected by default.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the Q-SMT device allowing attackers to manipulate power management settings, disrupt operations, or use as a foothold into industrial control networks.

🟠

Likely Case

Unauthorized access to the web interface leading to configuration changes, data theft, or service disruption.

🟢

If Mitigated

Limited impact if network segmentation prevents attacker access and tokens are regularly cleared.

🌐 Internet-Facing: HIGH if device is exposed to internet, as token theft enables persistent access.
🏢 Internal Only: HIGH as network access alone enables token theft and persistent compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access, but token theft methods are well known (network sniffing, browser storage access).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with CIRCUTOR for updated firmware

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products

Restart Required: Yes

Instructions:

1. Contact CIRCUTOR for updated firmware.
2. Backup current configuration.
3. Apply firmware update via web interface or local method.
4. Verify update and restore configuration if needed.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Q-SMT devices on separate VLANs with strict access controls

Force Token Expiration

all

Implement a script to clear browser storage and force re-authentication regularly

🧯 If You Can't Patch

  • Implement strict network segmentation to prevent unauthorized access to Q-SMT network segments
  • Monitor for unusual authentication patterns and implement session timeout at proxy level

🔍 How to Verify

Check if Vulnerable:

Check firmware version in web interface: Settings > System Information

Check Version:

Check via web interface or consult device documentation for CLI commands

Verify Fix Applied:

Verify firmware version is updated beyond 1.0.4 and test that tokens expire after session timeout

📡 Detection & Monitoring

Log Indicators:

  • Multiple authentication attempts from new IPs
  • Configuration changes from unexpected sources
  • Session tokens being used from multiple IPs

Network Indicators:

  • Unusual traffic patterns to Q-SMT web interface
  • Token values in cleartext network captures

SIEM Query:

source="q-smt-logs" AND ((event_type="auth" AND src_ip NOT IN allowed_ips) OR (event_type="config_change" AND user!=expected_user))
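
The "session tokens being used from multiple IPs" indicator, together with tokens that outlive any reasonable session, can be checked offline with a short script. This is an added example, not code from this page or from CIRCUTOR: the log layout, the `src_ip`, `token_id` and `event_type` field names, the sample lines and the 8-hour limit are all assumptions (for instance, events exported from a reverse proxy placed in front of the device).

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; the layout is assumed, not the Q-SMT's own log format.
# token_id stands for a hash of the session token, never the token itself.
SAMPLE_LOG = """\
2024-09-20T08:00:05Z src_ip=10.20.0.15 token_id=a1f3 event_type=auth
2024-09-20T08:02:11Z src_ip=10.20.0.15 token_id=a1f3 event_type=config_change
2024-09-20T09:30:42Z src_ip=10.20.0.77 token_id=a1f3 event_type=config_change
2024-09-20T08:10:00Z src_ip=10.20.0.22 token_id=c9d0 event_type=auth
2024-09-22T14:00:00Z src_ip=10.20.0.22 token_id=c9d0 event_type=read
2024-09-20T10:00:00Z src_ip=10.20.0.30 token_id=e7b2 event_type=auth
2024-09-20T10:20:00Z src_ip=10.20.0.30 token_id=e7b2 event_type=read
"""

MAX_SESSION_AGE = timedelta(hours=8)  # assumed policy value, adjust to your site


def parse_line(line):
    """Return a dict of fields, or None if the line does not match the assumed layout."""
    try:
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return fields if {"src_ip", "token_id"} <= fields.keys() else None


def find_suspicious_tokens(log_text, max_age=MAX_SESSION_AGE):
    """Map token_id -> reasons: seen from several IPs, or in use longer than max_age."""
    ips, first_seen, last_seen = defaultdict(set), {}, {}
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        tok = ev["token_id"]
        ips[tok].add(ev["src_ip"])
        first_seen[tok] = min(first_seen.get(tok, ev["ts"]), ev["ts"])
        last_seen[tok] = max(last_seen.get(tok, ev["ts"]), ev["ts"])
    findings = {}
    for tok, seen_ips in ips.items():
        reasons = []
        if len(seen_ips) > 1:
            reasons.append("multiple_source_ips")
        if last_seen[tok] - first_seen[tok] > max_age:
            reasons.append("exceeds_max_session_age")
        if reasons:
            findings[tok] = reasons
    return findings


if __name__ == "__main__":
    for tok, reasons in sorted(find_suspicious_tokens(SAMPLE_LOG).items()):
        print(tok, ", ".join(reasons))
```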
