Circutor COMPACT DC-S BASIC
CVE-2022-1669

6.8MEDIUM

Key Information:

Vendor: Circutor
Status: Compact Dc-s Basic
Vendor: CVE Published:; 24 May 2022

What is CVE-2022-1669?

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

COMPACT DC-S BASIC CIR_CDC_v1.2.17

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2022
Vulnerability Reserved
May 10, 2022

Credit

Angel Garcia Moreno reported this vulnerability to CISA.

JSON

Circutor

What is CVE-2022-1669?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.