Filtered by vendor Siretta
Subscribe
Total
64 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41001 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'icmp check link WORD destination WORD interval <1-255> retries <1-255> description (WORD|null)' command template. | |||||
CVE-2022-41022 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-02-28 | N/A | 7.2 HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null) options WORD' command template. | |||||
CVE-2022-38066 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-02-28 | N/A | 8.8 HIGH |
An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | |||||
CVE-2022-41028 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-02-28 | N/A | 7.2 HIGH |
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)' command template. |