📦 Q Smt Firmware

An attacker on the same network as a vulnerable CIRCUTOR Q-SMT device can steal authentication tokens that never expire, allowing unrestricted access to the web application. This affects CIRCUTOR Q-SM...

CVE-2024-8887 is an authentication bypass vulnerability in CIRCUTOR Q-SMT firmware that allows attackers to access all web interface functionalities without credentials. This affects CIRCUTOR Q-SMT de...

CVE-2024-8890 allows attackers on the same network as vulnerable CIRCUTOR Q-SMT devices to intercept credentials and hijack sessions because the device only uses HTTP without encryption. This affects ...

This vulnerability allows attackers to enumerate valid user accounts in CIRCUTOR Q-SMT devices by analyzing server responses to authentication attempts. Attackers can build user dictionaries without p...