CVE-2024-8892

CRITICAL Year: 2024
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-400
View all →

Vulnerability Description

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.

Related Vulnerabilities

CVE-2018-3739

CRITICAL
CVSS:9.1(Critical)

https-proxy-agent before 2.1.1 passes auth option to the Buffer constructor without proper sanitization, resulting in DoS and uninitialized memory leak in setups where an attacker could submit typed i...

CWE-4002018

CVE-2018-3767

CRITICAL
CVSS:9.1(Critical)

`memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage.

CWE-4002018

CVE-2019-9750

CRITICAL
CVSS:9.1(Critical)

In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic i...

CWE-4002019

CVE-2022-24118

CRITICAL
CVSS:9.1(Critical)

Certain General Electric Renewable Energy products allow attackers to use a code to trigger a reboot into the factory default configuration. This affects iNET and iNET II before 8.3.0, SD before 6.4.7...

CWE-4002022

CVE-2022-27889

CRITICAL
CVSS:9.1(Critical)

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-l...

CWE-4002022

CVE-2024-45163

CRITICAL
CVSS:9.1(Critical)

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an...

CWE-4002024