{"vulnerability": "CVE-2022-4101", "sightings": [{"uuid": "c23c13e9-2ceb-44ba-9d58-52704ced7c6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41016", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9423", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41016\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off)' command template.\n\ud83d\udccf Published: 2023-01-26T21:24:40.733Z\n\ud83d\udccf Modified: 2025-03-28T17:36:11.743Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1613", "creation_timestamp": "2025-03-28T18:28:25.000000Z"}, {"uuid": "56b97961-2e4f-4fab-8d2c-e8e50d3e0203", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4101", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10519", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4101\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack.\n\ud83d\udccf Published: 2023-01-16T15:37:49.606Z\n\ud83d\udccf Modified: 2025-04-04T18:24:43.550Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/2ce4c837-c62c-41ac-95ca-54bb1a6d1eeb", "creation_timestamp": "2025-04-04T18:36:12.000000Z"}, {"uuid": "9907b8f8-7c2c-4404-9001-4c9d79c6be3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41017", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9424", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41017\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off) localip A.B.C.D' command template.\n\ud83d\udccf Published: 2023-01-26T21:24:40.815Z\n\ud83d\udccf Modified: 2025-03-28T17:35:50.674Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1613", "creation_timestamp": "2025-03-28T18:28:26.000000Z"}, {"uuid": "7b13b22b-a039-4316-b887-d6bbabc01259", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41012", "type": "seen", "source": "https://t.me/cibsecurity/57004", "content": "\u203c CVE-2022-41012 \u203c\n\nSeveral stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no schedule link1 WORD link2 WORD policy (failover|backup) description (WORD|null)' command template.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T00:46:57.000000Z"}]}