← Back

Compact Dc S Basic Firmware

compact_dc-s_basic_firmware

Vendor: Circutor • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-1669
1Circutor
1Compact Dc S Basic Firmware
Nov 21, 2024
May 24, 2022
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with vali...Show more
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.Show less
CVE-2021-26777
1Circutor
1Compact Dc S Basic Firmware
Nov 21, 2024
Dec 2, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code.