3 matches found
CVE-2021-21908
Specially-crafted command line arguments can lead to arbitrary file deletion. The handledelete function does not attempt to sanitize or otherwise validate the contents of the file parameter passed to the function as argv1, allowing an authenticated attacker to supply directory traversal primitive...
CVE-2021-21908
Garrett Metal Detectors iC Module CMA v5.0 exposes an authenticated CLI over TCP (port 6877) with del and delenv commands. TALOS details CVE-2021-21908: handle_delete does not validate argv[1], allowing directory traversal to delete files (e.g., via delenv or via non-.cnt/.log paths). The del fun...
Garrett Metal Detectors iC Module CMA CLI del[env] command directory traversal vulnerabilities
Summary Directory traversal vulnerabilities exist in the CMA CLI del and delenv commands of Garrett Metal Detectors’ iC Module CMA Version 5.0. Specially-crafted command line arguments can lead to arbitrary file deletion. An attacker can provide malicious inputs to trigger these vulnerabilities...