CVE-2022-41154

Name of the Vulnerable Software and Affected Versions Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020

Description A directory traversal issue exists in the m2m DELETE FILE cmd functionality. This can be exploited by sending a specially-crafted network packet, leading to arbitrary file deletion. An attacker can trigger this issue by sending a network request.

Recommendations For version G5.0.1.5-210720-141020, as a temporary workaround, consider restricting access to the m2m DELETE FILE cmd functionality until a patch is available. Avoid using this functionality in untrusted networks to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.