Lucene search
K

40 matches found

Prion
Prion
added 2021/12/22 7:15 p.m.20 views

Stack overflow

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...

8.5CVSS7AI score0.00953EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/12/22 7:15 p.m.22 views

Stack overflow

Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...

9CVSS7.1AI score0.00974EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/12/22 7:15 p.m.19 views

Directory traversal

A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability...

9CVSS6.9AI score0.02817EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.63 views

CVE-2021-21907

Garrett Metal Detectors iC Module CMA CMA Version 5.0 has a directory traversal vulnerability in the CMA CLI getenv command. An authenticated remote user can supply a key that reads files under /ltrx_user/env/, potentially exposing sensitive data via local file inclusion. The TALOS description no...

4.9CVSS5.4AI score0.01423EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.30 views

CVE-2021-21907

A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...

4.9CVSS5.4AI score0.01423EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:6 p.m.53 views

CVE-2021-21906

CVE-2021-21906 affects Garrett Metal Detectors iC Module CMA Version 5.0. TALOS details two stack-based buffer overflow flaws in CMA's readfile and in the ipconfig/password-handling code paths, enabling potential remote code execution via crafted inputs over the authenticated CLI on TCP port 6877...

9CVSS7.3AI score0.00974EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.62 views

CVE-2021-21905

CVE-2021-21905 affects Garrett Metal Detectors iC Module CMA Version 5.0. TALOS details show two stack-based buffer overflow flaws in CMA readfile and related ipconfig handling, triggered via an authenticated CLI over TCP 6877 (CMA Connect). The core issue is unsafe reads into fixed buffers (tmp_...

8.5CVSS7.3AI score0.00953EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/12/22 6:6 p.m.45 views

CVE-2021-21904

A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability...

9.1CVSS7.2AI score0.02817EPSS
Exploits1References1
CVE
CVE
added 2021/12/22 6:6 p.m.59 views

CVE-2021-21904

CVE-2021-21904 affects Garrett Metal Detectors iC Module CMA Version 5.0. A directory traversal vulnerability exists in the CMA CLI setenv command, enabling an authenticated remote user to overwrite or create files via crafted key/value pairs and, in practice, may lead to arbitrary code execution...

9.1CVSS7.1AI score0.02817EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.63 views

CVE-2021-21903

CVE-2021-21903 is a stack-based buffer overflow in Garrett Metal Detectors’ iC Module CMA Version 5.0. The vulnerability occurs in the CMA check_udp_crc path where a UDP-CRC field is copied with strcpy into an 8-byte buffer (input_crc_str) without bounds checking, enabling remote attackers to ove...

10CVSS9.5AI score0.0173EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.66 views

CVE-2021-21902

The TALOS advisory documents an authentication bypass in Garrett Metal Detectors iC Module CMA Version 5.0, specifically in the CMA run_server_6877 function. A race condition allows an attacker with no password to hijack an authenticated session by copying the attacker’s socket over the legitimat...

9.3CVSS8.1AI score0.01723EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2021/12/22 6:6 p.m.65 views

CVE-2021-21901

CVE-2021-21901 affects Garrett Metal Detectors iC Module CMA Version 5.0. The vulnerability is a stack-based buffer overflow in CMA’s UDP CRC check (check_udp_crc) caused by copying the 256-byte internal buffer with memcpy from a 512-byte UDP payload. A crafted UDP packet can overflow the destina...

9.8CVSS8.8AI score0.01556EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/12/22 12:0 a.m.11 views

PT-2021-14830 · Garrett Metal Detectors · Ic Module Cma

Name of the Vulnerable Software and Affected Versions: iC Module CMA version 5.0 Description: A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA. An attacker can provide malicious input to trigger this vulnerability. Recommendations:...

9.1CVSS8AI score0.02817EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/12/22 12:0 a.m.4 views

PT-2021-14833 · Unknown · Ic Module Cma

Name of the Vulnerable Software and Affected Versions: iC Module CMA Version 5.0 Description: A directory traversal issue exists in the CMA CLI getenv command functionality, allowing a specially-crafted command line argument to lead to local file inclusion. An attacker can provide malicious input...

4.9CVSS5.3AI score0.01423EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/12/22 12:0 a.m.5 views

PT-2021-14827 · Unknown · Ic Module Cma

Name of the Vulnerable Software and Affected Versions: iC Module CMA version 5.0 Description: A stack-based buffer overflow issue exists in the CMA check udp crc function. This can be triggered by a specially-crafted packet, leading to a buffer overflow during a call to memcpy. An attacker can...

9.8CVSS9.3AI score0.01556EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/12/22 12:0 a.m.7 views

PT-2021-14831 · Garrett Metal Detectors · Garrett Metal Detectors Ic Module Cma

Name of the Vulnerable Software and Affected Versions: Garrett Metal Detectors iC Module CMA version 5.0 Description: A stack-based buffer overflow issue exists in the CMA readfile function of the Garrett Metal Detectors iC Module. The iC Module provides an authenticated command-line interface ov...

8.5CVSS7.5AI score0.00953EPSS
Exploits1References3
Talos
Talos
added 2021/12/20 12:0 a.m.41 views

Garrett Metal Detectors iC Module CMA check_udp_crc strcpy stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this...

10CVSS9.6AI score0.0173EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.38 views

Garrett Metal Detectors iC Module CMA CLI del[env] command directory traversal vulnerabilities

Summary Directory traversal vulnerabilities exist in the CMA CLI del and delenv commands of Garrett Metal Detectors’ iC Module CMA Version 5.0. Specially-crafted command line arguments can lead to arbitrary file deletion. An attacker can provide malicious inputs to trigger these vulnerabilities...

8.1CVSS7.5AI score0.01441EPSS
Exploits2
Talos
Talos
added 2021/12/20 12:0 a.m.42 views

Garrett Metal Detectors iC Module CMA CLI setenv command directory traversal vulnerability

Summary A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to arbitrary file overwrite. An attacker can provide malicious input to trigger this vulnerability. Tested...

9.1CVSS7.7AI score0.02817EPSS
Exploits1
Talos
Talos
added 2021/12/20 12:0 a.m.32 views

Garrett Metal Detectors iC Module CMA check_udp_crc memcpy stack-based buffer overflow vulnerability

Summary A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...

9.8CVSS8.9AI score0.01556EPSS
Exploits1
Rows per page
Query Builder