PT-2023-13677 · Siretta · Siretta Quartz-Gold
Francesco Benvenuto · Published 2023-01-26 · Updated 2023-02-02 · CVE-2022-39045
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020
Description
A file write issue exists in the httpd upload.cgi functionality. An attacker can trigger it by sending a specially crafted HTTP request, leading to arbitrary file upload.
Recommendations
For version G5.0.1.5-210720-141020, consider restricting access to the upload.cgi functionality until a fix is available. As a temporary workaround, disabling the upload functionality can help minimize the risk of exploitation.
Exploit
Fix
Path traversal
Affected Products
Siretta Quartz-Gold