CVE-2024-8892
Last modified
CVE-2024-8892 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Circutor | Tcp2rs\+ Firmware | 1.3b |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-8892?
How severe is CVE-2024-8892?
How do I fix CVE-2024-8892?
Are you affected by CVE-2024-8892?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST