CVE-2022-42492

Name of the Vulnerable Software and Affected Versions Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020

Description Several OS command injection issues exist in the m2m binary, allowing arbitrary command execution through a specially-crafted network request. An attacker can trigger these issues by sending a network request, specifically through the m2m's DOWNLOAD AD command.

Recommendations For Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020, as a temporary workaround, consider disabling the DOWNLOAD AD command in the m2m binary until a patch is available. Restrict access to the m2m binary to minimize the risk of exploitation. Avoid using the DOWNLOAD AD command in the affected m2m binary until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.