
7638 matches found

CVE
added 2023/01/26 9:24 p.m., 65 views

CVE-2022-40997

CVE-2022-40997 affects Siretta QUARTZ-GOLD routers (G5.0.1.5-210720-141020). The DetranCLI command parser contains stack-based buffer overflows in the gre index destination A.B.C.D/M description (WORD|null) template, which can be triggered by specially crafted network packets to achieve arbitrar...

CVSS 9.8, AI score 9.9, EPSS 0.01372
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2023/01/26 9:24 p.m., 6 views

CVE-2022-40993

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2, AI score 9.1, EPSS 0.01372
Exploits: 0, References: 1

CVE
added 2023/01/26 9:24 p.m., 73 views

CVE-2022-40991

CVE-2022-40991 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) via the DetranCLI command parsing stack-based buffer overflow in the command template for firmwall domain WORD description (WORD|null). A crafted network packet sequence can trigger an overflow leading to arbitrary command execut...

CVSS 9.8, AI score 9.9, EPSS 0.01372
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2023/01/26 9:24 p.m., 16 views

CVE-2022-40994

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2, AI score 10, EPSS 0.01372
Exploits: 0, References: 1

Cvelist
added 2023/01/26 9:24 p.m., 23 views

CVE-2022-40997

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2, AI score 10, EPSS 0.01372
Exploits: 0, References: 1

Cvelist
added 2023/01/26 9:24 p.m., 17 views

CVE-2022-40996

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2, AI score 10, EPSS 0.01372
Exploits: 0, References: 1

CVE
added 2023/01/26 9:24 p.m., 63 views

CVE-2022-40998

CVE-2022-40998 concerns stack-based buffer overflow vulnerabilities in the DetranCLI command parsing of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. The issue is triggered by the DetranCLI command template no gre index destination A.B.C.D/M description (WORD|null), where improper handling can lea...

CVSS 9.8, AI score 9.9, EPSS 0.01415
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2023/01/26 9:24 p.m., 57 views

CVE-2022-40995

CVE-2022-40995 concerns the Siretta QUARTZ-GOLD router family (G5.0.1.5-210720-141020). The TALOS-2022-1613 advisory and related feeds describe stack-based buffer overflow vulnerabilities in the DetranCLI command parsing, specifically the firmwall command template (srcmac, srcip, dstip, protocol,...

CVSS 9.8, AI score 9.9, EPSS 0.01372
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2023/01/26 9:24 p.m., 58 views

CVE-2022-40990

CVE-2022-40990 refers to multiple stack-based buffer overflow vulnerabilities in the DetranCLI command parsing of the Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 firmware. The TALOS advisory confirms a stack-based overflow in the DetranCLI templates, notably the command template starting with no b...

CVSS 9.8, AI score 9.9, EPSS 0.01415
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2023/01/26 9:24 p.m., 20 views

CVE-2022-40990

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2, AI score 10, EPSS 0.01415
Exploits: 0, References: 1

Cvelist
added 2023/01/26 9:24 p.m., 16 views

CVE-2022-40985

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2, AI score 10, EPSS 0.01649
Exploits: 0, References: 1

CVE
added 2023/01/26 9:24 p.m., 61 views

CVE-2022-40988

Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) has stack-based buffer overflow vulnerabilities in the DetranCLI command parsing, specifically the ipv6 static dns WORD WORD WORD template. TALOS details show a vulnerable use of sprintf without proper bounds checking, enabling arbitrary command execut...

CVSS 9.8, AI score 9.9, EPSS 0.01372
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2023/01/26 9:24 p.m., 25 views

CVE-2022-40988

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2, AI score 10, EPSS 0.01372
Exploits: 0, References: 1

CVE
added 2023/01/26 9:24 p.m., 67 views

CVE-2022-40985

The connected Talos advisories confirm CVE-2022-40985 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) with stack-based/remote command execution paths, including an arbitrary command execution sequence linked to the M2M/web features. Affected component: QUARTZ-GOLD firmware and its CLI/HTTP/M...

CVSS 9.8, AI score 9.9, EPSS 0.01649
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2023/01/26 9:24 p.m., 28 views

CVE-2022-40987

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2, AI score 10, EPSS 0.01372
Exploits: 0, References: 1

Cvelist
added 2023/01/26 9:24 p.m., 28 views

CVE-2022-40989

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2, AI score 10, EPSS 0.01372
Exploits: 0, References: 1

CVE
added 2023/01/26 9:24 p.m., 56 views

CVE-2022-38066

CVE-2022-38066 is an OS command injection in Siretta QUARTZ-GOLD’s httpd SNMP feature. Talos reports a vulnerability in QUARTZ-GOLD G5.0.1.5-210720-141020 where the SNMP daemon reads custom OIDs that map to exec entries in /etc/snmpd.conf. An unauthenticated or authenticated attacker can trigger ...

CVSS 8.8, AI score 9.2, EPSS 0.07085
Exploits: 1, References: 2, Affected Software: 1

Vulnrichment
added 2023/01/26 9:24 p.m., 5 views

CVE-2022-38066

An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...

CVSS 7.2, AI score 7.8, EPSS 0.07085
Exploits: 1, References: 1

Vulnrichment
added 2023/01/26 9:24 p.m., 5 views

CVE-2022-40222

An OS command injection vulnerability exists in the m2m DELETEFILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability...

CVSS 9.8, AI score 7.8, EPSS 0.043
Exploits: 1, References: 1

Vulnrichment
added 2023/01/26 9:24 p.m., 6 views

CVE-2022-42493

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is...

CVSS 9.8, AI score 8, EPSS 0.03499
Exploits: 0, References: 1