93 matches found

CVE
added 2023/01/26 9:24 p.m. · 57 views

CVE-2022-40990

CVE-2022-40990 refers to multiple stack-based buffer overflow vulnerabilities in the DetranCLI command parsing of the Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 firmware. The TALOS advisory confirms a stack-based overflow in the DetranCLI templates, notably the command template starting with no b...

CVSS 9.8 · AI score 9.9 · EPSS 0.01406
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/01/26 9:24 p.m. · 14 views

CVE-2022-40994

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2 · AI score 10 · EPSS 0.01406
Exploits 0 · References 1

Cvelist
added 2023/01/26 9:24 p.m. · 22 views

CVE-2022-40997

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2 · AI score 10 · EPSS 0.01406
Exploits 0 · References 1

Cvelist
added 2023/01/26 9:24 p.m. · 19 views

CVE-2022-40998

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2 · AI score 10 · EPSS 0.01406
Exploits 0 · References 1

Vulnrichment
added 2023/01/26 9:24 p.m. · 8 views

CVE-2022-40997

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2 · AI score 9.1 · EPSS 0.01406
Exploits 0 · References 1

CVE
added 2023/01/26 9:24 p.m. · 59 views

CVE-2022-40988

Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) has stack-based buffer overflow vulnerabilities in the DetranCLI command parsing, specifically the ipv6 static dns WORD WORD WORD template. TALOS details show a vulnerable use of sprintf without proper bounds checking, enabling arbitrary command execut...

CVSS 9.8 · AI score 9.9 · EPSS 0.01406
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/01/26 9:24 p.m. · 66 views

CVE-2022-40985

The connected Talos advisories confirm CVE-2022-40985 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) with stack-based/remote command execution paths, including an arbitrary command execution sequence linked to the M2M/web features. Affected component: QUARTZ-GOLD firmware and its CLI/HTTP/M...

CVSS 9.8 · AI score 9.9 · EPSS 0.01739
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/01/26 9:24 p.m. · 61 views

CVE-2022-40987

CVE-2022-40987 affects Siretta QUARTZ-GOLD, specifically the DetranCLI command parsing stack-based buffer overflow in the G5.0.1.5-210720-141020 firmware. The issue stems from unsafe buffer handling in the command template for (ddns1|ddns2) username WORD password CODE, where a stack overflow can ...

CVSS 9.8 · AI score 10 · EPSS 0.01406
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/01/26 9:24 p.m. · 16 views

CVE-2022-40985

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVSS 7.2 · AI score 10 · EPSS 0.01739
Exploits 0 · References 1

Positive Technologies
added 2023/01/26 12:0 a.m. · 3 views

PT-2023-13953 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command...

CVSS 7.2 · AI score 7.5 · EPSS 0.0349
Exploits 1 · References 3

Positive Technologies
added 2023/01/26 12:0 a.m. · 2 views

PT-2023-13957 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version 5.0.1.5-210720-141020 Description: The issue concerns stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command...

CVSS 9.8 · AI score 7.6 · EPSS 0.0349
Exploits 1 · References 2

Positive Technologies
added 2023/01/26 12:0 a.m. · 3 views

PT-2023-13955 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: Several stack-based buffer overflow issues exist in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command execution. An...

CVSS 7.2 · AI score 7.3 · EPSS 0.0349
Exploits 1 · References 3

Talos
added 2023/01/26 12:0 a.m. · 85 views

Siretta QUARTZ-GOLD DetranCLI command parsing stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2022-1613 Siretta QUARTZ-GOLD DetranCLI command parsing stack-based buffer overflow vulnerabilities January 26, 2023 CVE Number...

CVSS 9.8 · AI score 9.4 · EPSS 0.0349
Exploits 31