PT-2022-14034 · Circutor · Compact Dc-S Basic+1
Angel Garcia Moreno · Published 2022-05-24 · Updated 2022-06-10 · CVE-2022-1669
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Device management web portal (affected versions not specified)
Description
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value, and it would be copied to a second variable by a vulnerable strcpy call without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
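The unchecked copy from the description next to a bounded alternative, as an added example that is not the vendor's code or part of the original advisory. The function names, the 16-byte buffer size and the assumption that "Address" holds an IPv4 dotted-quad literal are hypothetical.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

#define ADDR_BUF_LEN INET_ADDRSTRLEN /* 16: "255.255.255.255" plus NUL */

/* Constructed illustration of the pattern in the description, not the
 * vendor's code: strcpy() copies up to the source's NUL terminator and
 * never looks at the size of dst. Kept only for comparison. */
void copy_address_unchecked(char *dst, const char *address)
{
    strcpy(dst, address);
}

/* Bounded form. Assumption: "Address" is an IPv4 dotted-quad literal.
 * Returns 0 after copying, -1 if the value is rejected (dst untouched). */
int copy_address_checked(char *dst, size_t dst_len, const char *address)
{
    struct in_addr parsed;
    size_t len;

    if (dst == NULL || address == NULL)
        return -1;
    /* Measure the input, but never scan past the longest valid literal. */
    for (len = 0; len < ADDR_BUF_LEN && address[len] != '\0'; len++)
        ;
    if (len == ADDR_BUF_LEN)
        return -1;                      /* longer than any IPv4 literal */
    if (len >= dst_len)
        return -1;                      /* would not fit with its NUL */
    if (inet_pton(AF_INET, address, &parsed) != 1)
        return -1;                      /* fits, but is not an address */
    memcpy(dst, address, len + 1);      /* length already verified */
    return 0;
}

int main(void)
{
    char dst[ADDR_BUF_LEN];
    char oversized[300];                /* constructed over-long input */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("%d\n", copy_address_checked(dst, sizeof dst, "192.168.1.10"));
    printf("%d\n", copy_address_checked(dst, sizeof dst, oversized));
    return 0;
}
```

Rejecting the value before the copy, rather than truncating it, keeps a malformed firewall rule from being stored at all.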
Stack Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Compact Dc-S Basic
Compact Dc-S Basic Firmware