Circutor Circutor

  1. Vendors
  2. Circutor

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Circutor product.

RSS Feeds for Circutor security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Circutor products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Circutor Sorted by Most Security Vulnerabilities since 2018

Circutor Tcprs1plus5 vulnerabilities

Circutor Q Smt Firmware4 vulnerabilities

Circutor Tcp2rs Firmware2 vulnerabilities

By the Year

In 2026 there have been 0 vulnerabilities in Circutor. Last year, in 2025 Circutor had 5 security vulnerabilities published. Right now, Circutor is on track to have less security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 5 0.00
2024 6 8.07

It may take a day or so for new Circutor vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Circutor Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-64385 Oct 31, 2025
UDP Config Gain without Auth via MAC on IoT Device The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturers software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial configuration can be changed by means of the device's MAC without the need for authentication.
Tcprs1plus
CVE-2025-64389 Oct 31, 2025
Sensitive Info Leak: Clear Text Transmission in Device Web Server The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.
Tcprs1plus
CVE-2025-64388 Oct 31, 2025
Apache HTTP Server DoS via crafted HTTP requests Denial of service of the web server through specific requests to this protocol
Tcprs1plus
CVE-2025-64387 Oct 31, 2025
Clickjacking Vulnerability in Web App (CVE-2025-64387) The web application is vulnerable to a so-called clickjacking attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login credentials in a form that, a priori, appears legitimate.
Tcprs1plus
CVE-2025-64386 Oct 31, 2025
JWT Session Hijacking via Token Reuse in IoT Web Server The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token modify parameters of security, access or even steal the session without the legitimate and active session detecting it. The web server allows the attacker to reuse an old session JWT token while the legitimate session is active.
Tcprs1plus
CVE-2024-8891 Sep 18, 2024
User Enumeration via Server Responses in Circutor QSMT 1.0.4 An attacker with no knowledge of the current users in the web application, could build a dictionary of potential users and check the server responses as it indicates whether or not the user is present in CIRCUTOR Q-SMT in its firmware version 1.0.4.
Q Smt Firmware
CVE-2024-8890 Sep 18, 2024
CIRCUTOR QSMT v1.0.4 HTTP Lacks SSL, Enables Credential Theft An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only implements the HTTP protocol. This fact prevents a secure communication channel from being established.
Q Smt Firmware
CVE-2024-8892 Sep 18, 2024
CIRCUTOR TCP2RS+ 1.3b: UDP Auth Bypass Enables Config Changes Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.
Tcp2rs Firmware
CVE-2024-8888 Sep 18, 2024
CIRCUTOR Q-SMT v1.0.4 Web Token Theft (no expiration) An attacker with access to the network where CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could steal the tokens used on the web, since these have no expiration date to access the web application without restrictions. Token theft can originate from different methods such as network captures, locally stored web information, etc.
Q Smt Firmware
CVE-2024-8889 Sep 18, 2024
CIRCUTOR TCP2RS+ 1.3b UDP Auth Bypass via Port 2000 Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, without authentication by sending packets through the UDP protocol and port 2000, deconfiguring the device and thus disabling its use. This equipment is at the end of its useful life cycle.
Tcp2rs Firmware
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.