Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
64 vulnerabilities by Siretta
VAR-202301-1811
Vulnerability from variot - Updated: 2023-12-18 14:03A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1811",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17076"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"db": "NVD",
"id": "CVE-2022-40701"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40701"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40701",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-17076",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2022-40701",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40701",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-40701",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2023-17076",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1937",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17076"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"db": "NVD",
"id": "CVE-2022-40701"
},
{
"db": "NVD",
"id": "CVE-2022-40701"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a past traversal vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40701"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"db": "CNVD",
"id": "CNVD-2023-17076"
},
{
"db": "VULMON",
"id": "CVE-2022-40701"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40701",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1606",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006970",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17076",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1937",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40701",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17076"
},
{
"db": "VULMON",
"id": "CVE-2022-40701"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"db": "NVD",
"id": "CVE-2022-40701"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
]
},
"id": "VAR-202301-1811",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17076"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17076"
}
]
},
"last_update_date": "2023-12-18T14:03:32.067000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Directory Traversal Vulnerability (CNVD-2023-17076)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413826"
},
{
"title": "Siretta QUARTZ-GOLD Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=223708"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-40701 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17076"
},
{
"db": "VULMON",
"id": "CVE-2022-40701"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"db": "NVD",
"id": "CVE-2022-40701"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1606"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40701"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40701/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-40701"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17076"
},
{
"db": "VULMON",
"id": "CVE-2022-40701"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"db": "NVD",
"id": "CVE-2022-40701"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17076"
},
{
"db": "VULMON",
"id": "CVE-2022-40701"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"db": "NVD",
"id": "CVE-2022-40701"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17076"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40701"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"date": "2023-01-26T22:15:15.957000",
"db": "NVD",
"id": "CVE-2022-40701"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17076"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40701"
},
{
"date": "2023-07-11T02:21:00",
"db": "JVNDB",
"id": "JVNDB-2022-006970"
},
{
"date": "2023-02-02T17:19:01.547000",
"db": "NVD",
"id": "CVE-2022-40701"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006970"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1937"
}
],
"trust": 0.6
}
}
VAR-202301-1899
Vulnerability from variot - Updated: 2023-12-18 13:59An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1899",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "freshtomato",
"scope": "eq",
"trust": 1.0,
"vendor": "freshtomato",
"version": "2022.5"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": null,
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "freshtomato",
"scope": null,
"trust": 0.8,
"vendor": "freshtomato",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"db": "NVD",
"id": "CVE-2022-42484"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:freshtomato:freshtomato:2022.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42484"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
],
"trust": 0.6
},
"cve": "CVE-2022-42484",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-42484",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-42484",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-42484",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-2353",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"db": "NVD",
"id": "CVE-2022-42484"
},
{
"db": "NVD",
"id": "CVE-2022-42484"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42484"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"db": "VULMON",
"id": "CVE-2022-42484"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-42484",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1641",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008192",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2353",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-42484",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-42484"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"db": "NVD",
"id": "CVE-2022-42484"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
]
},
"id": "VAR-202301-1899",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.73040676
},
"last_update_date": "2023-12-18T13:59:19.619000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Siretta\u00a0LimitedSiretta",
"trust": 0.8,
"url": "https://www.freshtomato.org/"
},
{
"title": "FreshTomato Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=223603"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"db": "NVD",
"id": "CVE-2022-42484"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1641"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42484"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-42484/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-42484"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-42484"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"db": "NVD",
"id": "CVE-2022-42484"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-42484"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"db": "NVD",
"id": "CVE-2022-42484"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42484"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"date": "2023-01-30T11:15:09.553000",
"db": "NVD",
"id": "CVE-2022-42484"
},
{
"date": "2023-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42484"
},
{
"date": "2023-07-25T04:31:00",
"db": "JVNDB",
"id": "JVNDB-2022-008192"
},
{
"date": "2023-02-06T21:51:02.817000",
"db": "NVD",
"id": "CVE-2022-42484"
},
{
"date": "2023-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FreshTomato\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008192"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2353"
}
],
"trust": 0.6
}
}
VAR-202301-1963
Vulnerability from variot - Updated: 2023-12-18 13:55An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1963",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17079"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"db": "NVD",
"id": "CVE-2022-38066"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38066"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
],
"trust": 0.6
},
"cve": "CVE-2022-38066",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-17079",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38066",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-38066",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-38066",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17079",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1945",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17079"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"db": "NVD",
"id": "CVE-2022-38066"
},
{
"db": "NVD",
"id": "CVE-2022-38066"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38066"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"db": "CNVD",
"id": "CNVD-2023-17079"
},
{
"db": "VULMON",
"id": "CVE-2022-38066"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38066",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1615",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007244",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17079",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1945",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-38066",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17079"
},
{
"db": "VULMON",
"id": "CVE-2022-38066"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"db": "NVD",
"id": "CVE-2022-38066"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
]
},
"id": "VAR-202301-1963",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17079"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17079"
}
]
},
"last_update_date": "2023-12-18T13:55:03.013000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability (CNVD-2023-17079)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413836"
},
{
"title": "Siretta QUARTZ-GOLD Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=223362"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17079"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"db": "NVD",
"id": "CVE-2022-38066"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1615"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38066"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38066/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17079"
},
{
"db": "VULMON",
"id": "CVE-2022-38066"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"db": "NVD",
"id": "CVE-2022-38066"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17079"
},
{
"db": "VULMON",
"id": "CVE-2022-38066"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"db": "NVD",
"id": "CVE-2022-38066"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17079"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38066"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"date": "2023-01-26T22:15:13.023000",
"db": "NVD",
"id": "CVE-2022-38066"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17079"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38066"
},
{
"date": "2023-07-13T02:19:00",
"db": "JVNDB",
"id": "JVNDB-2022-007244"
},
{
"date": "2023-02-02T17:22:42.130000",
"db": "NVD",
"id": "CVE-2022-38066"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007244"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1945"
}
],
"trust": 0.6
}
}
VAR-202301-2057
Vulnerability from variot - Updated: 2023-12-18 13:50An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-2057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"db": "NVD",
"id": "CVE-2022-40220"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40220"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40220",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-17082",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40220",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40220",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-40220",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17082",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1940",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17082"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"db": "NVD",
"id": "CVE-2022-40220"
},
{
"db": "NVD",
"id": "CVE-2022-40220"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"db": "CNVD",
"id": "CNVD-2023-17082"
},
{
"db": "VULMON",
"id": "CVE-2022-40220"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40220",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1612",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006972",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17082",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1940",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40220",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17082"
},
{
"db": "VULMON",
"id": "CVE-2022-40220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"db": "NVD",
"id": "CVE-2022-40220"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
]
},
"id": "VAR-202301-2057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17082"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17082"
}
]
},
"last_update_date": "2023-12-18T13:50:42.552000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability (CNVD-2023-17082)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413851"
},
{
"title": "Siretta QUARTZ-GOLD Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222960"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-40220 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17082"
},
{
"db": "VULMON",
"id": "CVE-2022-40220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"db": "NVD",
"id": "CVE-2022-40220"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1612"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40220"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40220/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-40220"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17082"
},
{
"db": "VULMON",
"id": "CVE-2022-40220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"db": "NVD",
"id": "CVE-2022-40220"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17082"
},
{
"db": "VULMON",
"id": "CVE-2022-40220"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"db": "NVD",
"id": "CVE-2022-40220"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17082"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40220"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"date": "2023-01-26T22:15:15.300000",
"db": "NVD",
"id": "CVE-2022-40220"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17082"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40220"
},
{
"date": "2023-07-11T02:28:00",
"db": "JVNDB",
"id": "JVNDB-2022-006972"
},
{
"date": "2023-02-02T17:20:47.583000",
"db": "NVD",
"id": "CVE-2022-40220"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006972"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1940"
}
],
"trust": 0.6
}
}
VAR-202301-1789
Vulnerability from variot - Updated: 2023-12-18 13:46A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1789",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-15940"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"db": "NVD",
"id": "CVE-2022-38715"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38715"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
],
"trust": 0.6
},
"cve": "CVE-2022-38715",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-15940",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38715",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-38715",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-38715",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-15940",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1942",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-15940"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"db": "NVD",
"id": "CVE-2022-38715"
},
{
"db": "NVD",
"id": "CVE-2022-38715"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38715"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"db": "CNVD",
"id": "CNVD-2023-15940"
},
{
"db": "VULMON",
"id": "CVE-2022-38715"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38715",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1610",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006974",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-15940",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1942",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-38715",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-15940"
},
{
"db": "VULMON",
"id": "CVE-2022-38715"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"db": "NVD",
"id": "CVE-2022-38715"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
]
},
"id": "VAR-202301-1789",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-15940"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-15940"
}
]
},
"last_update_date": "2023-12-18T13:46:14.301000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Remaining Debug Code Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/412821"
},
{
"title": "Siretta QUARTZ-GOLD Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222962"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-38715 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-15940"
},
{
"db": "VULMON",
"id": "CVE-2022-38715"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"db": "NVD",
"id": "CVE-2022-38715"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1610"
},
{
"trust": 1.2,
"url": "https://cxsecurity.com/cveshow/cve-2022-38715/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38715"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-38715"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-15940"
},
{
"db": "VULMON",
"id": "CVE-2022-38715"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"db": "NVD",
"id": "CVE-2022-38715"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-15940"
},
{
"db": "VULMON",
"id": "CVE-2022-38715"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"db": "NVD",
"id": "CVE-2022-38715"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-15940"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38715"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"date": "2023-01-26T22:15:14.453000",
"db": "NVD",
"id": "CVE-2022-38715"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-15940"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38715"
},
{
"date": "2023-07-11T02:34:00",
"db": "JVNDB",
"id": "JVNDB-2022-006974"
},
{
"date": "2023-02-02T17:22:07.650000",
"db": "NVD",
"id": "CVE-2022-38715"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006974"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1942"
}
],
"trust": 0.6
}
}
VAR-202301-2211
Vulnerability from variot - Updated: 2023-12-18 13:46A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. FreshTomato Exists in a past traversal vulnerability.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-2211",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "freshtomato",
"scope": "eq",
"trust": 1.0,
"vendor": "freshtomato",
"version": "2022.5"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": null,
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "freshtomato",
"scope": null,
"trust": 0.8,
"vendor": "freshtomato",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"db": "NVD",
"id": "CVE-2022-38451"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:freshtomato:freshtomato:2022.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38451"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
],
"trust": 0.6
},
"cve": "CVE-2022-38451",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38451",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-38451",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-38451",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-2352",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"db": "NVD",
"id": "CVE-2022-38451"
},
{
"db": "NVD",
"id": "CVE-2022-38451"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. FreshTomato Exists in a past traversal vulnerability.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38451"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"db": "VULMON",
"id": "CVE-2022-38451"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38451",
"trust": 3.3
},
{
"db": "TALOS",
"id": "TALOS-2022-1642",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008193",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2352",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-38451",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-38451"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"db": "NVD",
"id": "CVE-2022-38451"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
]
},
"id": "VAR-202301-2211",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.73040676
},
"last_update_date": "2023-12-18T13:46:13.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page Siretta\u00a0LimitedSiretta",
"trust": 0.8,
"url": "https://www.freshtomato.org/"
},
{
"title": "FreshTomato Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=224120"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"db": "NVD",
"id": "CVE-2022-38451"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1642"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38451"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38451/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-38451"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-38451"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"db": "NVD",
"id": "CVE-2022-38451"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-38451"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"db": "NVD",
"id": "CVE-2022-38451"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38451"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"date": "2023-01-30T11:15:09.407000",
"db": "NVD",
"id": "CVE-2022-38451"
},
{
"date": "2023-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-01-30T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38451"
},
{
"date": "2023-07-25T04:34:00",
"db": "JVNDB",
"id": "JVNDB-2022-008193"
},
{
"date": "2023-02-06T21:53:03.713000",
"db": "NVD",
"id": "CVE-2022-38451"
},
{
"date": "2023-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FreshTomato\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008193"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-2352"
}
],
"trust": 0.6
}
}
VAR-202301-1888
Vulnerability from variot - Updated: 2023-12-18 13:21Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1888",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"db": "NVD",
"id": "CVE-2022-42490"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42490"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
],
"trust": 0.6
},
"cve": "CVE-2022-42490",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17075",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-42490",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-42490",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-42490",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-17075",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1888",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"db": "NVD",
"id": "CVE-2022-42490"
},
{
"db": "NVD",
"id": "CVE-2022-42490"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m\u0027s DOWNLOAD_CFG_FILE command. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42490"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"db": "VULMON",
"id": "CVE-2022-42490"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-42490",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1640",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002696",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17075",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1888",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-42490",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"db": "VULMON",
"id": "CVE-2022-42490"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"db": "NVD",
"id": "CVE-2022-42490"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
]
},
"id": "VAR-202301-1888",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17075"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17075"
}
]
},
"last_update_date": "2023-12-18T13:21:59.955000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413816"
},
{
"title": "Siretta QUARTZ-GOLD Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222955"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"db": "NVD",
"id": "CVE-2022-42490"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1640"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42490"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-42490/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"db": "VULMON",
"id": "CVE-2022-42490"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"db": "NVD",
"id": "CVE-2022-42490"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"db": "VULMON",
"id": "CVE-2022-42490"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"db": "NVD",
"id": "CVE-2022-42490"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42490"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"date": "2023-01-26T22:15:24.120000",
"db": "NVD",
"id": "CVE-2022-42490"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42490"
},
{
"date": "2023-07-25T07:28:00",
"db": "JVNDB",
"id": "JVNDB-2023-002696"
},
{
"date": "2023-02-06T17:28:38.980000",
"db": "NVD",
"id": "CVE-2022-42490"
},
{
"date": "2023-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17075"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1888"
}
],
"trust": 0.6
}
}
VAR-202301-1891
Vulnerability from variot - Updated: 2023-12-18 13:21Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_INFO command. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1891",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17093"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"db": "NVD",
"id": "CVE-2022-42493"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42493"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
],
"trust": 0.6
},
"cve": "CVE-2022-42493",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17093",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-42493",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-42493",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-42493",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-17093",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1885",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17093"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"db": "NVD",
"id": "CVE-2022-42493"
},
{
"db": "NVD",
"id": "CVE-2022-42493"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m\u0027s DOWNLOAD_INFO command. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42493"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"db": "CNVD",
"id": "CNVD-2023-17093"
},
{
"db": "VULMON",
"id": "CVE-2022-42493"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-42493",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1640",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002688",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17093",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1885",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-42493",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17093"
},
{
"db": "VULMON",
"id": "CVE-2022-42493"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"db": "NVD",
"id": "CVE-2022-42493"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
]
},
"id": "VAR-202301-1891",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17093"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17093"
}
]
},
"last_update_date": "2023-12-18T13:21:59.928000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability (CNVD-2023-17093)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413906"
},
{
"title": "Siretta QUARTZ-GOLD Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222952"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17093"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"db": "NVD",
"id": "CVE-2022-42493"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1640"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42493"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-42493/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17093"
},
{
"db": "VULMON",
"id": "CVE-2022-42493"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"db": "NVD",
"id": "CVE-2022-42493"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17093"
},
{
"db": "VULMON",
"id": "CVE-2022-42493"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"db": "NVD",
"id": "CVE-2022-42493"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17093"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42493"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"date": "2023-01-26T22:15:25.127000",
"db": "NVD",
"id": "CVE-2022-42493"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17093"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42493"
},
{
"date": "2023-07-25T06:45:00",
"db": "JVNDB",
"id": "JVNDB-2023-002688"
},
{
"date": "2023-02-06T17:28:20.847000",
"db": "NVD",
"id": "CVE-2022-42493"
},
{
"date": "2023-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 In OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002688"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1885"
}
],
"trust": 0.6
}
}
VAR-202301-1889
Vulnerability from variot - Updated: 2023-12-18 13:21Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's DOWNLOAD_AD command. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1889",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17092"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"db": "NVD",
"id": "CVE-2022-42492"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42492"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
],
"trust": 0.6
},
"cve": "CVE-2022-42492",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17092",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-42492",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-42492",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-42492",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-17092",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1886",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17092"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"db": "NVD",
"id": "CVE-2022-42492"
},
{
"db": "NVD",
"id": "CVE-2022-42492"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m\u0027s DOWNLOAD_AD command. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42492"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"db": "CNVD",
"id": "CNVD-2023-17092"
},
{
"db": "VULMON",
"id": "CVE-2022-42492"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-42492",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1640",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002693",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17092",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1886",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-42492",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17092"
},
{
"db": "VULMON",
"id": "CVE-2022-42492"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"db": "NVD",
"id": "CVE-2022-42492"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
]
},
"id": "VAR-202301-1889",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17092"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17092"
}
]
},
"last_update_date": "2023-12-18T13:21:59.901000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability (CNVD-2023-17092)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413901"
},
{
"title": "Siretta QUARTZ-GOLD Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222953"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17092"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"db": "NVD",
"id": "CVE-2022-42492"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1640"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42492"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-42492/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17092"
},
{
"db": "VULMON",
"id": "CVE-2022-42492"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"db": "NVD",
"id": "CVE-2022-42492"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17092"
},
{
"db": "VULMON",
"id": "CVE-2022-42492"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"db": "NVD",
"id": "CVE-2022-42492"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17092"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42492"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"date": "2023-01-26T22:15:24.973000",
"db": "NVD",
"id": "CVE-2022-42492"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17092"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42492"
},
{
"date": "2023-07-25T07:20:00",
"db": "JVNDB",
"id": "JVNDB-2023-002693"
},
{
"date": "2023-02-06T17:28:31.530000",
"db": "NVD",
"id": "CVE-2022-42492"
},
{
"date": "2023-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 In OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002693"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1886"
}
],
"trust": 0.6
}
}
VAR-202301-1890
Vulnerability from variot - Updated: 2023-12-18 13:21Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's M2M_CONFIG_SET command. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1890",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17081"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"db": "NVD",
"id": "CVE-2022-42491"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
],
"trust": 0.6
},
"cve": "CVE-2022-42491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17081",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-42491",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-42491",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-42491",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-17081",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1887",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17081"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"db": "NVD",
"id": "CVE-2022-42491"
},
{
"db": "NVD",
"id": "CVE-2022-42491"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m\u0027s M2M_CONFIG_SET command. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-42491"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"db": "CNVD",
"id": "CNVD-2023-17081"
},
{
"db": "VULMON",
"id": "CVE-2022-42491"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-42491",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1640",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002694",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17081",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1887",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-42491",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17081"
},
{
"db": "VULMON",
"id": "CVE-2022-42491"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"db": "NVD",
"id": "CVE-2022-42491"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
]
},
"id": "VAR-202301-1890",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17081"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17081"
}
]
},
"last_update_date": "2023-12-18T13:21:59.872000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability (CNVD-2023-17081)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413846"
},
{
"title": "Siretta QUARTZ-GOLD Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222954"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17081"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"db": "NVD",
"id": "CVE-2022-42491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1640"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-42491"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-42491/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17081"
},
{
"db": "VULMON",
"id": "CVE-2022-42491"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"db": "NVD",
"id": "CVE-2022-42491"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17081"
},
{
"db": "VULMON",
"id": "CVE-2022-42491"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"db": "NVD",
"id": "CVE-2022-42491"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17081"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42491"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"date": "2023-01-26T22:15:24.430000",
"db": "NVD",
"id": "CVE-2022-42491"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17081"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-42491"
},
{
"date": "2023-07-25T07:24:00",
"db": "JVNDB",
"id": "JVNDB-2023-002694"
},
{
"date": "2023-02-06T17:29:53.310000",
"db": "NVD",
"id": "CVE-2022-42491"
},
{
"date": "2023-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 In OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002694"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1887"
}
],
"trust": 0.6
}
}
VAR-202301-1780
Vulnerability from variot - Updated: 2023-12-18 13:11A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1780",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17074"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"db": "NVD",
"id": "CVE-2022-41991"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41991"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41991",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17074",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41991",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41991",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41991",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-17074",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1889",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17074"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"db": "NVD",
"id": "CVE-2022-41991"
},
{
"db": "NVD",
"id": "CVE-2022-41991"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"db": "CNVD",
"id": "CNVD-2023-17074"
},
{
"db": "VULMON",
"id": "CVE-2022-41991"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41991",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1639",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002697",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17074",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1889",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41991",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17074"
},
{
"db": "VULMON",
"id": "CVE-2022-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"db": "NVD",
"id": "CVE-2022-41991"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
]
},
"id": "VAR-202301-1780",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17074"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17074"
}
]
},
"last_update_date": "2023-12-18T13:11:37.589000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17074)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413811"
},
{
"title": "Siretta QUARTZ-GOLD Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=224071"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17074"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"db": "NVD",
"id": "CVE-2022-41991"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1639"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41991"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41991/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17074"
},
{
"db": "VULMON",
"id": "CVE-2022-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"db": "NVD",
"id": "CVE-2022-41991"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17074"
},
{
"db": "VULMON",
"id": "CVE-2022-41991"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"db": "NVD",
"id": "CVE-2022-41991"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17074"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41991"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"date": "2023-01-26T22:15:23.873000",
"db": "NVD",
"id": "CVE-2022-41991"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17074"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41991"
},
{
"date": "2023-07-25T07:35:00",
"db": "JVNDB",
"id": "JVNDB-2023-002697"
},
{
"date": "2023-02-06T17:28:53.793000",
"db": "NVD",
"id": "CVE-2022-41991"
},
{
"date": "2023-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-002697"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1889"
}
],
"trust": 0.6
}
}
VAR-202301-1801
Vulnerability from variot - Updated: 2023-12-18 13:11A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is an industrial router with various functions and services
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1801",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17065"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"db": "NVD",
"id": "CVE-2022-39045"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39045"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
],
"trust": 0.6
},
"cve": "CVE-2022-39045",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-17065",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-39045",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-39045",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-39045",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17065",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1941",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17065"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"db": "NVD",
"id": "CVE-2022-39045"
},
{
"db": "NVD",
"id": "CVE-2022-39045"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is an industrial router with various functions and services",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-39045"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"db": "CNVD",
"id": "CNVD-2023-17065"
},
{
"db": "VULMON",
"id": "CVE-2022-39045"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-39045",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1611",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006973",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17065",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1941",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-39045",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17065"
},
{
"db": "VULMON",
"id": "CVE-2022-39045"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"db": "NVD",
"id": "CVE-2022-39045"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
]
},
"id": "VAR-202301-1801",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17065"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17065"
}
]
},
"last_update_date": "2023-12-18T13:11:37.561000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD file writing vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413766"
},
{
"title": "Siretta QUARTZ-GOLD Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222961"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17065"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"db": "NVD",
"id": "CVE-2022-39045"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1611"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-39045"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-39045/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17065"
},
{
"db": "VULMON",
"id": "CVE-2022-39045"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"db": "NVD",
"id": "CVE-2022-39045"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17065"
},
{
"db": "VULMON",
"id": "CVE-2022-39045"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"db": "NVD",
"id": "CVE-2022-39045"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17065"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39045"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"date": "2023-01-26T22:15:14.990000",
"db": "NVD",
"id": "CVE-2022-39045"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17065"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-39045"
},
{
"date": "2023-07-11T02:31:00",
"db": "JVNDB",
"id": "JVNDB-2022-006973"
},
{
"date": "2023-02-02T17:21:20.270000",
"db": "NVD",
"id": "CVE-2022-39045"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006973"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1941"
}
],
"trust": 0.6
}
}
VAR-202301-1802
Vulnerability from variot - Updated: 2023-12-18 13:06A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1802",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17080"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"db": "NVD",
"id": "CVE-2022-38459"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38459"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
],
"trust": 0.6
},
"cve": "CVE-2022-38459",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-17080",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38459",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-38459",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-38459",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17080",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1943",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17080"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"db": "NVD",
"id": "CVE-2022-38459"
},
{
"db": "NVD",
"id": "CVE-2022-38459"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"db": "CNVD",
"id": "CNVD-2023-17080"
},
{
"db": "VULMON",
"id": "CVE-2022-38459"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38459",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1608",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006975",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17080",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1943",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-38459",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17080"
},
{
"db": "VULMON",
"id": "CVE-2022-38459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"db": "NVD",
"id": "CVE-2022-38459"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
]
},
"id": "VAR-202301-1802",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17080"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17080"
}
]
},
"last_update_date": "2023-12-18T13:06:18.888000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17080)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413841"
},
{
"title": "Siretta QUARTZ-GOLD Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222963"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-38459 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17080"
},
{
"db": "VULMON",
"id": "CVE-2022-38459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"db": "NVD",
"id": "CVE-2022-38459"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1608"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38459"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38459/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-38459"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17080"
},
{
"db": "VULMON",
"id": "CVE-2022-38459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"db": "NVD",
"id": "CVE-2022-38459"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17080"
},
{
"db": "VULMON",
"id": "CVE-2022-38459"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"db": "NVD",
"id": "CVE-2022-38459"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17080"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38459"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"date": "2023-01-26T22:15:14.087000",
"db": "NVD",
"id": "CVE-2022-38459"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17080"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38459"
},
{
"date": "2023-07-11T02:37:00",
"db": "JVNDB",
"id": "JVNDB-2022-006975"
},
{
"date": "2023-02-02T17:22:19.093000",
"db": "NVD",
"id": "CVE-2022-38459"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006975"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1943"
}
],
"trust": 0.6
}
}
VAR-202301-1788
Vulnerability from variot - Updated: 2023-12-18 13:00An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1788",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17083"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"db": "NVD",
"id": "CVE-2022-40222"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40222"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40222",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17083",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40222",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40222",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-40222",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2023-17083",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1939",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17083"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"db": "NVD",
"id": "CVE-2022-40222"
},
{
"db": "NVD",
"id": "CVE-2022-40222"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. Siretta QUARTZ-GOLD for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40222"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"db": "CNVD",
"id": "CNVD-2023-17083"
},
{
"db": "VULMON",
"id": "CVE-2022-40222"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40222",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1638",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006971",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17083",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1939",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40222",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17083"
},
{
"db": "VULMON",
"id": "CVE-2022-40222"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"db": "NVD",
"id": "CVE-2022-40222"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
]
},
"id": "VAR-202301-1788",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17083"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17083"
}
]
},
"last_update_date": "2023-12-18T13:00:20.947000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Operating System Command Injection Vulnerability (CNVD-2023-17083)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413856"
},
{
"title": "Siretta QUARTZ-GOLD Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222959"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17083"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"db": "NVD",
"id": "CVE-2022-40222"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1638"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40222"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40222/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17083"
},
{
"db": "VULMON",
"id": "CVE-2022-40222"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"db": "NVD",
"id": "CVE-2022-40222"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17083"
},
{
"db": "VULMON",
"id": "CVE-2022-40222"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"db": "NVD",
"id": "CVE-2022-40222"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17083"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40222"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"date": "2023-01-26T22:15:15.617000",
"db": "NVD",
"id": "CVE-2022-40222"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17083"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40222"
},
{
"date": "2023-07-11T02:25:00",
"db": "JVNDB",
"id": "JVNDB-2022-006971"
},
{
"date": "2023-02-02T17:20:17.927000",
"db": "NVD",
"id": "CVE-2022-40222"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006971"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1939"
}
],
"trust": 0.6
}
}
VAR-202301-1821
Vulnerability from variot - Updated: 2023-12-18 12:48A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a past traversal vulnerability.Information may be obtained. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1821",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17077"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"db": "NVD",
"id": "CVE-2022-38088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38088"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
],
"trust": 0.6
},
"cve": "CVE-2022-38088",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-17077",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38088",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-38088",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-38088",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2023-17077",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1944",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17077"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"db": "NVD",
"id": "CVE-2022-38088"
},
{
"db": "NVD",
"id": "CVE-2022-38088"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a past traversal vulnerability.Information may be obtained. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"db": "CNVD",
"id": "CNVD-2023-17077"
},
{
"db": "VULMON",
"id": "CVE-2022-38088"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38088",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1609",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007243",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17077",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1944",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-38088",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17077"
},
{
"db": "VULMON",
"id": "CVE-2022-38088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"db": "NVD",
"id": "CVE-2022-38088"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
]
},
"id": "VAR-202301-1821",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17077"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17077"
}
]
},
"last_update_date": "2023-12-18T12:48:16.095000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Directory Traversal Vulnerability (CNVD-2023-17077)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413821"
},
{
"title": "Siretta QUARTZ-GOLD Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=223361"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-38088 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17077"
},
{
"db": "VULMON",
"id": "CVE-2022-38088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"db": "NVD",
"id": "CVE-2022-38088"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1609"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38088"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38088/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-38088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17077"
},
{
"db": "VULMON",
"id": "CVE-2022-38088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"db": "NVD",
"id": "CVE-2022-38088"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17077"
},
{
"db": "VULMON",
"id": "CVE-2022-38088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"db": "NVD",
"id": "CVE-2022-38088"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17077"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38088"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"date": "2023-01-26T22:15:13.460000",
"db": "NVD",
"id": "CVE-2022-38088"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17077"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38088"
},
{
"date": "2023-07-13T02:17:00",
"db": "JVNDB",
"id": "JVNDB-2022-007243"
},
{
"date": "2023-02-02T17:22:29.657000",
"db": "NVD",
"id": "CVE-2022-38088"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007243"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1944"
}
],
"trust": 0.6
}
}
VAR-202301-2055
Vulnerability from variot - Updated: 2023-12-18 12:25A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-2055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17078"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"db": "NVD",
"id": "CVE-2022-36279"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36279"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
],
"trust": 0.6
},
"cve": "CVE-2022-36279",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2023-17078",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-36279",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-36279",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-36279",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17078",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1946",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17078"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"db": "NVD",
"id": "CVE-2022-36279"
},
{
"db": "NVD",
"id": "CVE-2022-36279"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-36279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"db": "CNVD",
"id": "CNVD-2023-17078"
},
{
"db": "VULMON",
"id": "CVE-2022-36279"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-36279",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1605",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007245",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17078",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1946",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-36279",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17078"
},
{
"db": "VULMON",
"id": "CVE-2022-36279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"db": "NVD",
"id": "CVE-2022-36279"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
]
},
"id": "VAR-202301-2055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17078"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17078"
}
]
},
"last_update_date": "2023-12-18T12:25:31.982000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17078)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413831"
},
{
"title": "Siretta QUARTZ-GOLD Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=222966"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-36279 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17078"
},
{
"db": "VULMON",
"id": "CVE-2022-36279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"db": "NVD",
"id": "CVE-2022-36279"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1605"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36279"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-36279/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-36279"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17078"
},
{
"db": "VULMON",
"id": "CVE-2022-36279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"db": "NVD",
"id": "CVE-2022-36279"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17078"
},
{
"db": "VULMON",
"id": "CVE-2022-36279"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"db": "NVD",
"id": "CVE-2022-36279"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17078"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36279"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"date": "2023-01-26T22:15:09.220000",
"db": "NVD",
"id": "CVE-2022-36279"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17078"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-36279"
},
{
"date": "2023-07-13T02:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-007245"
},
{
"date": "2023-02-02T17:23:06.833000",
"db": "NVD",
"id": "CVE-2022-36279"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007245"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1946"
}
],
"trust": 0.6
}
}
VAR-202301-1734
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no schedule link1 WORD link2 WORD policy (failover|backup) description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1734",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17041"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007254"
},
{
"db": "NVD",
"id": "CVE-2022-41012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41012"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1909"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41012",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17041",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41012",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41012",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41012",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17041",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1909",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17041"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007254"
},
{
"db": "NVD",
"id": "CVE-2022-41012"
},
{
"db": "NVD",
"id": "CVE-2022-41012"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1909"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027no schedule link1 WORD link2 WORD policy (failover|backup) description (WORD|null)\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41012"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007254"
},
{
"db": "CNVD",
"id": "CNVD-2023-17041"
},
{
"db": "VULMON",
"id": "CVE-2022-41012"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41012",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007254",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17041",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1909",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41012",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17041"
},
{
"db": "VULMON",
"id": "CVE-2022-41012"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007254"
},
{
"db": "NVD",
"id": "CVE-2022-41012"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1909"
}
]
},
"id": "VAR-202301-1734",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17041"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17041"
}
]
},
"last_update_date": "2023-12-18T11:55:08.602000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17041)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413711"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17041"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007254"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007254"
},
{
"db": "NVD",
"id": "CVE-2022-41012"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41012"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41012/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17041"
},
{
"db": "VULMON",
"id": "CVE-2022-41012"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007254"
},
{
"db": "NVD",
"id": "CVE-2022-41012"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1909"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17041"
},
{
"db": "VULMON",
"id": "CVE-2022-41012"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007254"
},
{
"db": "NVD",
"id": "CVE-2022-41012"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1909"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17041"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41012"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007254"
},
{
"date": "2023-01-26T22:15:20.560000",
"db": "NVD",
"id": "CVE-2022-41012"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1909"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17041"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41012"
},
{
"date": "2023-07-13T07:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-007254"
},
{
"date": "2023-02-03T17:18:07.843000",
"db": "NVD",
"id": "CVE-2022-41012"
},
{
"date": "2023-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1909"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1909"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007254"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1909"
}
],
"trust": 0.6
}
}
VAR-202301-1730
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1730",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17042"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007257"
},
{
"db": "NVD",
"id": "CVE-2022-41015"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41015"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1906"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41015",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17042",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41015",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41015",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41015",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17042",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1906",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17042"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007257"
},
{
"db": "NVD",
"id": "CVE-2022-41015"
},
{
"db": "NVD",
"id": "CVE-2022-41015"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1906"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off)\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41015"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007257"
},
{
"db": "CNVD",
"id": "CNVD-2023-17042"
},
{
"db": "VULMON",
"id": "CVE-2022-41015"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41015",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007257",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17042",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1906",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41015",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17042"
},
{
"db": "VULMON",
"id": "CVE-2022-41015"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007257"
},
{
"db": "NVD",
"id": "CVE-2022-41015"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1906"
}
]
},
"id": "VAR-202301-1730",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17042"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17042"
}
]
},
"last_update_date": "2023-12-18T11:55:08.549000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17042)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413721"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17042"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007257"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007257"
},
{
"db": "NVD",
"id": "CVE-2022-41015"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41015"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41015/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17042"
},
{
"db": "VULMON",
"id": "CVE-2022-41015"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007257"
},
{
"db": "NVD",
"id": "CVE-2022-41015"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1906"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17042"
},
{
"db": "VULMON",
"id": "CVE-2022-41015"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007257"
},
{
"db": "NVD",
"id": "CVE-2022-41015"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1906"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17042"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41015"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007257"
},
{
"date": "2023-01-26T22:15:20.793000",
"db": "NVD",
"id": "CVE-2022-41015"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1906"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17042"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41015"
},
{
"date": "2023-07-13T07:16:00",
"db": "JVNDB",
"id": "JVNDB-2022-007257"
},
{
"date": "2023-10-18T17:45:20.523000",
"db": "NVD",
"id": "CVE-2022-41015"
},
{
"date": "2023-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1906"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1906"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007257"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1906"
}
],
"trust": 0.6
}
}
VAR-202301-1731
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no firmwall keyword WORD description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1731",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16881"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006962"
},
{
"db": "NVD",
"id": "CVE-2022-40994"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40994"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1927"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-16881",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40994",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40994",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-40994",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-16881",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1927",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16881"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006962"
},
{
"db": "NVD",
"id": "CVE-2022-40994"
},
{
"db": "NVD",
"id": "CVE-2022-40994"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1927"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027no firmwall keyword WORD description (WORD|null)\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40994"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006962"
},
{
"db": "CNVD",
"id": "CNVD-2023-16881"
},
{
"db": "VULMON",
"id": "CVE-2022-40994"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40994",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006962",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-16881",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1927",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40994",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16881"
},
{
"db": "VULMON",
"id": "CVE-2022-40994"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006962"
},
{
"db": "NVD",
"id": "CVE-2022-40994"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1927"
}
]
},
"id": "VAR-202301-1731",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16881"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16881"
}
]
},
"last_update_date": "2023-12-18T11:55:08.520000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-16881)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413541"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-40994 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16881"
},
{
"db": "VULMON",
"id": "CVE-2022-40994"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006962"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006962"
},
{
"db": "NVD",
"id": "CVE-2022-40994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40994"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40994/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-40994"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16881"
},
{
"db": "VULMON",
"id": "CVE-2022-40994"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006962"
},
{
"db": "NVD",
"id": "CVE-2022-40994"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1927"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-16881"
},
{
"db": "VULMON",
"id": "CVE-2022-40994"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006962"
},
{
"db": "NVD",
"id": "CVE-2022-40994"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1927"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-16881"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40994"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006962"
},
{
"date": "2023-01-26T22:15:17.177000",
"db": "NVD",
"id": "CVE-2022-40994"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1927"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-16881"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40994"
},
{
"date": "2023-07-11T01:50:00",
"db": "JVNDB",
"id": "JVNDB-2022-006962"
},
{
"date": "2023-02-02T17:52:45.750000",
"db": "NVD",
"id": "CVE-2022-40994"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1927"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1927"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006962"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1927"
}
],
"trust": 0.6
}
}
VAR-202301-1767
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no firmwall srcmac (WORD|null) srcip (A.B.C.D|null) dstip (A.B.C.D|null) protocol (none|tcp|udp|icmp) srcport (<1-65535>|null) dstport (<1-65535>|null) policy (drop|accept) description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1767",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17026"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006959"
},
{
"db": "NVD",
"id": "CVE-2022-40996"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40996"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1925"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40996",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17026",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40996",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40996",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-40996",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17026",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1925",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17026"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006959"
},
{
"db": "NVD",
"id": "CVE-2022-40996"
},
{
"db": "NVD",
"id": "CVE-2022-40996"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1925"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027no firmwall srcmac (WORD|null) srcip (A.B.C.D|null) dstip (A.B.C.D|null) protocol (none|tcp|udp|icmp) srcport (\u003c1-65535\u003e|null) dstport (\u003c1-65535\u003e|null) policy (drop|accept) description (WORD|null)\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40996"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006959"
},
{
"db": "CNVD",
"id": "CNVD-2023-17026"
},
{
"db": "VULMON",
"id": "CVE-2022-40996"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40996",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006959",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17026",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1925",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40996",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17026"
},
{
"db": "VULMON",
"id": "CVE-2022-40996"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006959"
},
{
"db": "NVD",
"id": "CVE-2022-40996"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1925"
}
]
},
"id": "VAR-202301-1767",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17026"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17026"
}
]
},
"last_update_date": "2023-12-18T11:55:08.492000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17026)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413621"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-40996 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17026"
},
{
"db": "VULMON",
"id": "CVE-2022-40996"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006959"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006959"
},
{
"db": "NVD",
"id": "CVE-2022-40996"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40996"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40996/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-40996"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17026"
},
{
"db": "VULMON",
"id": "CVE-2022-40996"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006959"
},
{
"db": "NVD",
"id": "CVE-2022-40996"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1925"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17026"
},
{
"db": "VULMON",
"id": "CVE-2022-40996"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006959"
},
{
"db": "NVD",
"id": "CVE-2022-40996"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1925"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17026"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40996"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006959"
},
{
"date": "2023-01-26T22:15:17.323000",
"db": "NVD",
"id": "CVE-2022-40996"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1925"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17026"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40996"
},
{
"date": "2023-07-11T01:43:00",
"db": "JVNDB",
"id": "JVNDB-2022-006959"
},
{
"date": "2023-02-02T18:18:42.827000",
"db": "NVD",
"id": "CVE-2022-40996"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1925"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1925"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006959"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1925"
}
],
"trust": 0.6
}
}
VAR-202301-1761
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null) options WORD' command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1761",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17087"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008180"
},
{
"db": "NVD",
"id": "CVE-2022-41021"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41021"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1900"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41021",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2023-17087",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41021",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41021",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41021",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17087",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1900",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17087"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008180"
},
{
"db": "NVD",
"id": "CVE-2022-41021"
},
{
"db": "NVD",
"id": "CVE-2022-41021"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1900"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027vpn l2tp advanced name WORD dns (yes|no) mtu \u003c128-16384\u003e mru \u003c128-16384\u003e auth (on|off) password (WORD|null) options WORD\u0027 command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41021"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008180"
},
{
"db": "CNVD",
"id": "CNVD-2023-17087"
},
{
"db": "VULMON",
"id": "CVE-2022-41021"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41021",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008180",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17087",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1900",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41021",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17087"
},
{
"db": "VULMON",
"id": "CVE-2022-41021"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008180"
},
{
"db": "NVD",
"id": "CVE-2022-41021"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1900"
}
]
},
"id": "VAR-202301-1761",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17087"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17087"
}
]
},
"last_update_date": "2023-12-18T11:55:08.463000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17087)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413876"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17087"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008180"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008180"
},
{
"db": "NVD",
"id": "CVE-2022-41021"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41021"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41021/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17087"
},
{
"db": "VULMON",
"id": "CVE-2022-41021"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008180"
},
{
"db": "NVD",
"id": "CVE-2022-41021"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1900"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17087"
},
{
"db": "VULMON",
"id": "CVE-2022-41021"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008180"
},
{
"db": "NVD",
"id": "CVE-2022-41021"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1900"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17087"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41021"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008180"
},
{
"date": "2023-01-26T22:15:22.203000",
"db": "NVD",
"id": "CVE-2022-41021"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1900"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17087"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41021"
},
{
"date": "2023-07-25T01:06:00",
"db": "JVNDB",
"id": "JVNDB-2022-008180"
},
{
"date": "2023-02-02T18:44:03.127000",
"db": "NVD",
"id": "CVE-2022-41021"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1900"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1900"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008180"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1900"
}
],
"trust": 0.6
}
}
VAR-202301-1765
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'firmwall keyword WORD description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1765",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16880"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006963"
},
{
"db": "NVD",
"id": "CVE-2022-40993"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40993"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1928"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40993",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-16880",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40993",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40993",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-40993",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-16880",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1928",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16880"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006963"
},
{
"db": "NVD",
"id": "CVE-2022-40993"
},
{
"db": "NVD",
"id": "CVE-2022-40993"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1928"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027firmwall keyword WORD description (WORD|null)\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40993"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006963"
},
{
"db": "CNVD",
"id": "CNVD-2023-16880"
},
{
"db": "VULMON",
"id": "CVE-2022-40993"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40993",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006963",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-16880",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1928",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40993",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16880"
},
{
"db": "VULMON",
"id": "CVE-2022-40993"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006963"
},
{
"db": "NVD",
"id": "CVE-2022-40993"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1928"
}
]
},
"id": "VAR-202301-1765",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16880"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16880"
}
]
},
"last_update_date": "2023-12-18T11:55:08.434000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-16880)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413536"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16880"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006963"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006963"
},
{
"db": "NVD",
"id": "CVE-2022-40993"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40993"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40993/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16880"
},
{
"db": "VULMON",
"id": "CVE-2022-40993"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006963"
},
{
"db": "NVD",
"id": "CVE-2022-40993"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1928"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-16880"
},
{
"db": "VULMON",
"id": "CVE-2022-40993"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006963"
},
{
"db": "NVD",
"id": "CVE-2022-40993"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1928"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-16880"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40993"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006963"
},
{
"date": "2023-01-26T22:15:17.103000",
"db": "NVD",
"id": "CVE-2022-40993"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1928"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-16880"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40993"
},
{
"date": "2023-07-11T01:52:00",
"db": "JVNDB",
"id": "JVNDB-2022-006963"
},
{
"date": "2023-02-02T17:53:07.553000",
"db": "NVD",
"id": "CVE-2022-40993"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1928"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1928"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006963"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1928"
}
],
"trust": 0.6
}
}
VAR-202301-1750
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1750",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17043"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007258"
},
{
"db": "NVD",
"id": "CVE-2022-41016"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41016"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1905"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41016",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17043",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41016",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41016",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41016",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17043",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1905",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17043"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007258"
},
{
"db": "NVD",
"id": "CVE-2022-41016"
},
{
"db": "NVD",
"id": "CVE-2022-41016"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1905"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027no vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off)\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41016"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007258"
},
{
"db": "CNVD",
"id": "CNVD-2023-17043"
},
{
"db": "VULMON",
"id": "CVE-2022-41016"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41016",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007258",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17043",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1905",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41016",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17043"
},
{
"db": "VULMON",
"id": "CVE-2022-41016"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007258"
},
{
"db": "NVD",
"id": "CVE-2022-41016"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1905"
}
]
},
"id": "VAR-202301-1750",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17043"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17043"
}
]
},
"last_update_date": "2023-12-18T11:55:08.406000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17043)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413726"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17043"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007258"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007258"
},
{
"db": "NVD",
"id": "CVE-2022-41016"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41016"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41016/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17043"
},
{
"db": "VULMON",
"id": "CVE-2022-41016"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007258"
},
{
"db": "NVD",
"id": "CVE-2022-41016"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1905"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17043"
},
{
"db": "VULMON",
"id": "CVE-2022-41016"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007258"
},
{
"db": "NVD",
"id": "CVE-2022-41016"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1905"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17043"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41016"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007258"
},
{
"date": "2023-01-26T22:15:20.997000",
"db": "NVD",
"id": "CVE-2022-41016"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1905"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17043"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41016"
},
{
"date": "2023-07-13T07:18:00",
"db": "JVNDB",
"id": "JVNDB-2022-007258"
},
{
"date": "2023-10-18T17:44:19.767000",
"db": "NVD",
"id": "CVE-2022-41016"
},
{
"date": "2023-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1905"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1905"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007258"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1905"
}
],
"trust": 0.6
}
}
VAR-202301-1755
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no port triger protocol (tcp|udp|tcp/udp) triger port <1-65535> forward port <1-65535> description WORD' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1755",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17039"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007252"
},
{
"db": "NVD",
"id": "CVE-2022-41010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1911"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17039",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41010",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41010",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41010",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1911",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17039"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007252"
},
{
"db": "NVD",
"id": "CVE-2022-41010"
},
{
"db": "NVD",
"id": "CVE-2022-41010"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1911"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027no port triger protocol (tcp|udp|tcp/udp) triger port \u003c1-65535\u003e forward port \u003c1-65535\u003e description WORD\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41010"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007252"
},
{
"db": "CNVD",
"id": "CNVD-2023-17039"
},
{
"db": "VULMON",
"id": "CVE-2022-41010"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41010",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007252",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17039",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1911",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41010",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17039"
},
{
"db": "VULMON",
"id": "CVE-2022-41010"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007252"
},
{
"db": "NVD",
"id": "CVE-2022-41010"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1911"
}
]
},
"id": "VAR-202301-1755",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17039"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17039"
}
]
},
"last_update_date": "2023-12-18T11:55:08.377000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17039)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413701"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17039"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007252"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007252"
},
{
"db": "NVD",
"id": "CVE-2022-41010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41010"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41010/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17039"
},
{
"db": "VULMON",
"id": "CVE-2022-41010"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007252"
},
{
"db": "NVD",
"id": "CVE-2022-41010"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1911"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17039"
},
{
"db": "VULMON",
"id": "CVE-2022-41010"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007252"
},
{
"db": "NVD",
"id": "CVE-2022-41010"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1911"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17039"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41010"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007252"
},
{
"date": "2023-01-26T22:15:20.137000",
"db": "NVD",
"id": "CVE-2022-41010"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1911"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17039"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41010"
},
{
"date": "2023-07-13T07:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-007252"
},
{
"date": "2023-02-03T17:17:56.027000",
"db": "NVD",
"id": "CVE-2022-41010"
},
{
"date": "2023-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1911"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1911"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007252"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1911"
}
],
"trust": 0.6
}
}
VAR-202301-1764
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no gre index <1-8> destination A.B.C.D/M description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1764",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008165"
},
{
"db": "NVD",
"id": "CVE-2022-40998"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40998"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1924"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40998",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17027",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40998",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40998",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-40998",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17027",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1924",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008165"
},
{
"db": "NVD",
"id": "CVE-2022-40998"
},
{
"db": "NVD",
"id": "CVE-2022-40998"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1924"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027no gre index \u003c1-8\u003e destination A.B.C.D/M description (WORD|null)\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40998"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008165"
},
{
"db": "CNVD",
"id": "CNVD-2023-17027"
},
{
"db": "VULMON",
"id": "CVE-2022-40998"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40998",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008165",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17027",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1924",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40998",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17027"
},
{
"db": "VULMON",
"id": "CVE-2022-40998"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008165"
},
{
"db": "NVD",
"id": "CVE-2022-40998"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1924"
}
]
},
"id": "VAR-202301-1764",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17027"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17027"
}
]
},
"last_update_date": "2023-12-18T11:55:08.349000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17027)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413626"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008165"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008165"
},
{
"db": "NVD",
"id": "CVE-2022-40998"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40998"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40998/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17027"
},
{
"db": "VULMON",
"id": "CVE-2022-40998"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008165"
},
{
"db": "NVD",
"id": "CVE-2022-40998"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1924"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17027"
},
{
"db": "VULMON",
"id": "CVE-2022-40998"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008165"
},
{
"db": "NVD",
"id": "CVE-2022-40998"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1924"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17027"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40998"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008165"
},
{
"date": "2023-01-26T22:15:17.467000",
"db": "NVD",
"id": "CVE-2022-40998"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1924"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17027"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40998"
},
{
"date": "2023-07-25T00:22:00",
"db": "JVNDB",
"id": "JVNDB-2022-008165"
},
{
"date": "2023-02-03T16:28:45.953000",
"db": "NVD",
"id": "CVE-2022-40998"
},
{
"date": "2023-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1924"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1924"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008165"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1924"
}
],
"trust": 0.6
}
}
VAR-202301-1740
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'bandwidth WORD dlrate <1-9999> dlceil <1-9999> ulrate <1-9999> ulceil <1-9999> priority (highest|high|normal|low|lowest)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1740",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006967"
},
{
"db": "NVD",
"id": "CVE-2022-40989"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40989"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1932"
}
],
"trust": 0.6
},
"cve": "CVE-2022-40989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-16876",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-40989",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-40989",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-40989",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-16876",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1932",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006967"
},
{
"db": "NVD",
"id": "CVE-2022-40989"
},
{
"db": "NVD",
"id": "CVE-2022-40989"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1932"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027bandwidth WORD dlrate \u003c1-9999\u003e dlceil \u003c1-9999\u003e ulrate \u003c1-9999\u003e ulceil \u003c1-9999\u003e priority (highest|high|normal|low|lowest)\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed industrial router of Siretta Company. Attackers can use this vulnerability to execute arbitrary commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-40989"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006967"
},
{
"db": "CNVD",
"id": "CNVD-2023-16876"
},
{
"db": "VULMON",
"id": "CVE-2022-40989"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-40989",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006967",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-16876",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1932",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-40989",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16876"
},
{
"db": "VULMON",
"id": "CVE-2022-40989"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006967"
},
{
"db": "NVD",
"id": "CVE-2022-40989"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1932"
}
]
},
"id": "VAR-202301-1740",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16876"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16876"
}
]
},
"last_update_date": "2023-12-18T11:55:08.320000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-16876)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413521"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16876"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006967"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006967"
},
{
"db": "NVD",
"id": "CVE-2022-40989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-40989"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-40989/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-16876"
},
{
"db": "VULMON",
"id": "CVE-2022-40989"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006967"
},
{
"db": "NVD",
"id": "CVE-2022-40989"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1932"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-16876"
},
{
"db": "VULMON",
"id": "CVE-2022-40989"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-006967"
},
{
"db": "NVD",
"id": "CVE-2022-40989"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1932"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-16876"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40989"
},
{
"date": "2023-07-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-006967"
},
{
"date": "2023-01-26T22:15:16.807000",
"db": "NVD",
"id": "CVE-2022-40989"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1932"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-16876"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-40989"
},
{
"date": "2023-07-11T02:07:00",
"db": "JVNDB",
"id": "JVNDB-2022-006967"
},
{
"date": "2023-02-02T17:54:27.417000",
"db": "NVD",
"id": "CVE-2022-40989"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1932"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1932"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-006967"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1932"
}
],
"trust": 0.6
}
}
VAR-202301-1747
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null) options WORD' command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1747",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008179"
},
{
"db": "NVD",
"id": "CVE-2022-41022"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41022"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1899"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2023-17088",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41022",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41022",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41022",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1899",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008179"
},
{
"db": "NVD",
"id": "CVE-2022-41022"
},
{
"db": "NVD",
"id": "CVE-2022-41022"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1899"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027no vpn l2tp advanced name WORD dns (yes|no) mtu \u003c128-16384\u003e mru \u003c128-16384\u003e auth (on|off) password (WORD|null) options WORD\u0027 command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41022"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008179"
},
{
"db": "CNVD",
"id": "CNVD-2023-17088"
},
{
"db": "VULMON",
"id": "CVE-2022-41022"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41022",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008179",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17088",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1899",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41022",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17088"
},
{
"db": "VULMON",
"id": "CVE-2022-41022"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008179"
},
{
"db": "NVD",
"id": "CVE-2022-41022"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1899"
}
]
},
"id": "VAR-202301-1747",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17088"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17088"
}
]
},
"last_update_date": "2023-12-18T11:55:08.292000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17088)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413881"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17088"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008179"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008179"
},
{
"db": "NVD",
"id": "CVE-2022-41022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41022"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41022/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17088"
},
{
"db": "VULMON",
"id": "CVE-2022-41022"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008179"
},
{
"db": "NVD",
"id": "CVE-2022-41022"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1899"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17088"
},
{
"db": "VULMON",
"id": "CVE-2022-41022"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008179"
},
{
"db": "NVD",
"id": "CVE-2022-41022"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1899"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17088"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41022"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008179"
},
{
"date": "2023-01-26T22:15:22.367000",
"db": "NVD",
"id": "CVE-2022-41022"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1899"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17088"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41022"
},
{
"date": "2023-07-25T01:05:00",
"db": "JVNDB",
"id": "JVNDB-2022-008179"
},
{
"date": "2023-02-02T18:43:43.747000",
"db": "NVD",
"id": "CVE-2022-41022"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1899"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1899"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008179"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1899"
}
],
"trust": 0.6
}
}
VAR-202301-1759
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no static dhcp mac WORD (WORD|null) ip A.B.C.D hostname (WORD|null) description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is an industrial router with various functions and services
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1759",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17066"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007256"
},
{
"db": "NVD",
"id": "CVE-2022-41014"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41014"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1907"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41014",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2023-17066",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41014",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41014",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41014",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17066",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1907",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17066"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007256"
},
{
"db": "NVD",
"id": "CVE-2022-41014"
},
{
"db": "NVD",
"id": "CVE-2022-41014"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1907"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027no static dhcp mac WORD (WORD|null) ip A.B.C.D hostname (WORD|null) description (WORD|null)\u0027 command template. Siretta QUARTZ-GOLD Exists in a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is an industrial router with various functions and services",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41014"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007256"
},
{
"db": "CNVD",
"id": "CNVD-2023-17066"
},
{
"db": "VULMON",
"id": "CVE-2022-41014"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41014",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007256",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17066",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1907",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41014",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17066"
},
{
"db": "VULMON",
"id": "CVE-2022-41014"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007256"
},
{
"db": "NVD",
"id": "CVE-2022-41014"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1907"
}
]
},
"id": "VAR-202301-1759",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17066"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17066"
}
]
},
"last_update_date": "2023-12-18T11:55:08.262000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17066)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413771"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17066"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007256"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-120",
"trust": 1.0
},
{
"problemtype": "Classic buffer overflow (CWE-120) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007256"
},
{
"db": "NVD",
"id": "CVE-2022-41014"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41014"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41014/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17066"
},
{
"db": "VULMON",
"id": "CVE-2022-41014"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007256"
},
{
"db": "NVD",
"id": "CVE-2022-41014"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1907"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17066"
},
{
"db": "VULMON",
"id": "CVE-2022-41014"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-007256"
},
{
"db": "NVD",
"id": "CVE-2022-41014"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1907"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17066"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41014"
},
{
"date": "2023-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-007256"
},
{
"date": "2023-01-26T22:15:20.713000",
"db": "NVD",
"id": "CVE-2022-41014"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1907"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17066"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41014"
},
{
"date": "2023-07-13T07:15:00",
"db": "JVNDB",
"id": "JVNDB-2022-007256"
},
{
"date": "2023-02-03T17:18:27.117000",
"db": "NVD",
"id": "CVE-2022-41014"
},
{
"date": "2023-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1907"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1907"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Classic buffer overflow vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-007256"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1907"
}
],
"trust": 0.6
}
}
VAR-202301-1732
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)' command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company.
Siretta QUARTZ-GOLD has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary commands through specially crafted network packets
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1732",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17072"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008174"
},
{
"db": "NVD",
"id": "CVE-2022-41027"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41027"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1894"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41027",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2023-17072",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41027",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41027",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41027",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17072",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1894",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17072"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008174"
},
{
"db": "NVD",
"id": "CVE-2022-41027"
},
{
"db": "NVD",
"id": "CVE-2022-41027"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1894"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)\u0027 command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company. \n\r\n\r\nSiretta QUARTZ-GOLD has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary commands through specially crafted network packets",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008174"
},
{
"db": "CNVD",
"id": "CNVD-2023-17072"
},
{
"db": "VULMON",
"id": "CVE-2022-41027"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41027",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008174",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17072",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1894",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41027",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17072"
},
{
"db": "VULMON",
"id": "CVE-2022-41027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008174"
},
{
"db": "NVD",
"id": "CVE-2022-41027"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1894"
}
]
},
"id": "VAR-202301-1732",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17072"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17072"
}
]
},
"last_update_date": "2023-12-18T11:55:08.233000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17072)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413801"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17072"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008174"
},
{
"db": "NVD",
"id": "CVE-2022-41027"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41027"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41027/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17072"
},
{
"db": "VULMON",
"id": "CVE-2022-41027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008174"
},
{
"db": "NVD",
"id": "CVE-2022-41027"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1894"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17072"
},
{
"db": "VULMON",
"id": "CVE-2022-41027"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008174"
},
{
"db": "NVD",
"id": "CVE-2022-41027"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1894"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17072"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41027"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008174"
},
{
"date": "2023-01-26T22:15:23.060000",
"db": "NVD",
"id": "CVE-2022-41027"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1894"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17072"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41027"
},
{
"date": "2023-07-25T00:56:00",
"db": "JVNDB",
"id": "JVNDB-2022-008174"
},
{
"date": "2023-02-02T18:41:37.890000",
"db": "NVD",
"id": "CVE-2022-41027"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1894"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1894"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008174"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1894"
}
],
"trust": 0.6
}
}
VAR-202301-1749
Vulnerability from variot - Updated: 2023-12-18 11:55Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off)' command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202301-1749",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quartz-gold",
"scope": "eq",
"trust": 1.0,
"vendor": "siretta",
"version": "g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": null
},
{
"model": "quartz-gold",
"scope": "eq",
"trust": 0.8,
"vendor": "siretta",
"version": "quartz-gold firmware g5.0.1.5-210720-141020"
},
{
"model": "quartz-gold g5.0.1.5-210720-141020",
"scope": null,
"trust": 0.6,
"vendor": "siretta",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17089"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008178"
},
{
"db": "NVD",
"id": "CVE-2022-41023"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siretta:quartz-gold_firmware:g5.0.1.5-210720-141020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siretta:quartz-gold:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41023"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Francesco Benvenuto of Cisco Talos.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1898"
}
],
"trust": 0.6
},
"cve": "CVE-2022-41023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2023-17089",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-41023",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-41023",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2022-41023",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2023-17089",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202301-1898",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17089"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008178"
},
{
"db": "NVD",
"id": "CVE-2022-41023"
},
{
"db": "NVD",
"id": "CVE-2022-41023"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1898"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the \u0027vpn pptp advanced name WORD dns (yes|no) mtu \u003c128-16384\u003e mru \u003c128-16384\u003e mppe (on|off) stateful (on|off)\u0027 command template. Siretta QUARTZ-GOLD Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta Company",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-41023"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008178"
},
{
"db": "CNVD",
"id": "CNVD-2023-17089"
},
{
"db": "VULMON",
"id": "CVE-2022-41023"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-41023",
"trust": 3.9
},
{
"db": "TALOS",
"id": "TALOS-2022-1613",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008178",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2023-17089",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1898",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-41023",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17089"
},
{
"db": "VULMON",
"id": "CVE-2022-41023"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008178"
},
{
"db": "NVD",
"id": "CVE-2022-41023"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1898"
}
]
},
"id": "VAR-202301-1749",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17089"
}
],
"trust": 1.33040676
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17089"
}
]
},
"last_update_date": "2023-12-18T11:55:08.203000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.siretta.com/"
},
{
"title": "Patch for Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17089)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/413886"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17089"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008178"
},
{
"db": "NVD",
"id": "CVE-2022-41023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2022-1613"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-41023"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-41023/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2023-17089"
},
{
"db": "VULMON",
"id": "CVE-2022-41023"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008178"
},
{
"db": "NVD",
"id": "CVE-2022-41023"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1898"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2023-17089"
},
{
"db": "VULMON",
"id": "CVE-2022-41023"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-008178"
},
{
"db": "NVD",
"id": "CVE-2022-41023"
},
{
"db": "CNNVD",
"id": "CNNVD-202301-1898"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17089"
},
{
"date": "2023-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41023"
},
{
"date": "2023-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-008178"
},
{
"date": "2023-01-26T22:15:22.507000",
"db": "NVD",
"id": "CVE-2022-41023"
},
{
"date": "2023-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1898"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2023-17089"
},
{
"date": "2023-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2022-41023"
},
{
"date": "2023-07-25T01:04:00",
"db": "JVNDB",
"id": "JVNDB-2022-008178"
},
{
"date": "2023-02-02T18:43:22.603000",
"db": "NVD",
"id": "CVE-2022-41023"
},
{
"date": "2023-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202301-1898"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1898"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siretta\u00a0QUARTZ-GOLD\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-008178"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202301-1898"
}
],
"trust": 0.6
}
}