Vulnerabilities > CVE-2022-1669 - Stack-based Buffer Overflow vulnerability in Circutor Compact Dc-S Basic Firmware 1.2.17

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

circutor

CWE-121

NVD

Published: 2022-05-24

Updated: 2022-06-10

Summary

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.

Vulnerable Configurations

Part	Description	Count
OS	Circutor Circutor Compact DC S Basic Firmware 1.2.17	1
Hardware	Circutor Circutor Compact DC S Basic -	1

Common Weakness Enumeration (CWE)

CWE-121 - Stack-based Buffer Overflow

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01