{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T03:33:17.811","vulnerabilities":[{"cve":{"id":"CVE-2024-8888","sourceIdentifier":"cve-coordination@incibe.es","published":"2024-09-18T12:15:03.520","lastModified":"2024-10-01T19:30:35.400","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc."},{"lang":"es","value":"Un atacante con acceso a la red donde se encuentra CIRCUTOR Q-SMT en su versión de firmware 1.0.4, podría robar los tokens utilizados en la web, ya que estos no tienen fecha de caducidad para acceder a la aplicación web sin restricciones. El robo de tokens puede tener su origen en diferentes métodos como capturas de red, información web almacenada localmente, etc."}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@incibe.es","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"cve-coordination@incibe.es","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:circutor:q-smt_firmware:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"292A461E-4540-40B6-9366-E78BA7EB5EB9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:circutor:q-smt:-:*:*:*:*:*:*:*","matchCriteriaId":"9DA81978-4905-41F2-869B-430A9AEC2EEC"}]}]}],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-circutor-products","source":"cve-coordination@incibe.es","tags":["Third Party Advisory"]}]}}]}