CVE-2022-1669
MEDIUMCIRCUTOR Compact DC-S Basic Firmware - Authenticated Stack-based Buffer Overflow via Address Parameter
Title source: llmDescription
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01
Scores
CVSS v3
6.8
EPSS
0.0072
EPSS Percentile
49.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-121
Status
published
Products (1)
circutor/compact_dc-s_basic_firmware
1.2.17
Published
May 24, 2022
Tracked Since
Feb 18, 2026