CVE-2024-8888 | Insufficient Session Expiration vulnerability on CIRCUTOR Q-SMT
An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.
Conclusion & alert: CVE-2024-8888 is rated Moderate Risk (51.7/100): CVSS Critical severity, with low exploitation likelihood (EPSS 0.41%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2024-8888
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).