Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT
Vulnerability Description
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
CIRCUTOR Q-SMT 代码问题漏洞
Vulnerability Description
CIRCUTOR Q-SMT是CIRCUTOR公司的一个工业硬件设备。 CIRCUTOR Q-SMT 1.0.4版本存在代码问题漏洞,该漏洞源于使用的令牌没有过期日期,导致攻击者可以通过网络捕获、本地存储的网页信息等不同方法窃取令牌,并无限制地访问网页应用。
CVSS Information
N/A
Vulnerability Type
N/A