CVE-2024-8889

CRITICAL
Published Sep 18, 2024 Modified Oct 7, 2024 CWE-20

Description

Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.

Is your site exposed to CVE-2024-8889?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

9.3
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Weakness Type (CWE)

CWE-20 Improper Input Validation

Affected Products

Vendor Product
circutor tcp2rs\+_firmware
circutor tcp2rs\+

References

Frequently Asked Questions

What is CVE-2024-8889? +
Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle. It has a CVSS v3.1 base score of 9.3 (CRITICAL).
How severe is CVE-2024-8889? +
CVE-2024-8889 has a CVSS v3.1 score of 9.3 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2024-8889? +
CVE-2024-8889 affects products from circutor, specifically: tcp2rs\+, tcp2rs\+_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2024-8889? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2024-8889 — free, no signup required.