8439 matches found
CVE-2022-41011
CVE-2022-41011 concerns Siretta QUARTZ-GOLD, version G5.0.1.5-210720-141020. Talos reports multiple stack-based buffer overflows in the DetranCLI command parsing for the template: schedule link1 WORD link2 WORD policy (failover|backup) description (WORD|null). Successful exploitation could lead t...
CVE-2022-41009
CVE-2022-41009 affects Siretta QUARTZ-GOLD with DetranCLI command parsing: stack-based buffer overflows in the port trig er protocol command template (port triger protocol … description WORD) can lead to arbitrary command execution. Affected version: Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. TA...
CVE-2022-40999
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41000
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41004
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-40999
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41004
CVE-2022-41004 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) via stack-based buffer overflows in the DetranCLI command parsing, specifically in the no ip nat outside source template. Talos reports multiple CVEs in the same family with exploit paths leading to arbitrary command execution; C...
CVE-2022-41003
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-41005
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-40998
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-40990
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-40991
CVE-2022-40991 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) via the DetranCLI command parsing stack-based buffer overflow in the command template for firmwall domain WORD description (WORD|null) . A crafted network packet sequence can trigger a overflow leading to arbitrary command execut...
CVE-2022-40994
CVE-2022-40994 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020). Talos-2022-1613 documents stack-based buffer overflow vulnerabilities in the DetranCLI command parsing, specifically in templates like no firmwall keyword WORD description (WORD|null). The issues arise from unsafe use of formatt...
CVE-2022-40993
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-40996
The TALOS-2022-1613 report details CVE-2022-40996 affecting Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. The vulnerability is a stack-based buffer overflow in the DetranCLI command parsing framework, specifically within a command template such as no firmwall srcmac/srcip/dstip/protocol/srcport/dst...
CVE-2022-40996
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-40993
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...
CVE-2022-40985
The connected Talos advisories confirm CVE-2022-40985 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) with stack-based/remote command execution paths, including an arbitrary command execution sequence linked to the M2M/web features. Affected component: QUARTZ-GOLD firmware and its CLI/HTTP/M...
CVE-2022-40988
Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) has stack-based buffer overflow vulnerabilities in the DetranCLI command parsing, specifically the ipv6 static dns WORD WORD WORD template. TALOS details show a vulnerable use of sprintf without proper bounds checking, enabling arbitrary command execut...
CVE-2022-40988
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...