← Back

Garrett

garrett

9 CVEs • 3 products

Products (3)

Click to collapse
Toggle
Ic Module Cma
ic_module_cma
7 CVEs
Ic Module Firmware
ic_module_firmware
2 CVEs
Ic Module
ic_module
0 CVEs

CVEs (9)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-21909
1Garrett
1Ic Module Firmware
Jun 17, 2026
Dec 22, 2021
N/A· v4
8.1 HIGH· v3
5.5 MEDIUM· v2
Specially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability
CVE-2021-21908
1Garrett
1Ic Module Firmware
Jun 17, 2026
Dec 22, 2021
N/A· v4
6.5 MEDIUM· v3
5.5 MEDIUM· v2
Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed to the function as...Show more
Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed to the function as argv[1]), allowing an authenticated attacker to supply directory traversal primitives and delete semi-arbitrary files.Show less
CVE-2021-21907
1Garrett
1Ic Module Cma
Jun 17, 2026
Dec 22, 2021
N/A· v4
4.9 MEDIUM· v3
4.0 MEDIUM· v2
A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An...Show more
A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability.Show less
CVE-2021-21906
1Garrett
1Ic Module Cma
Jun 17, 2026
Dec 22, 2021
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over...Show more
Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function.Show less
CVE-2021-21905
1Garrett
1Ic Module Cma
Jun 17, 2026
Dec 22, 2021
N/A· v4
7.2 HIGH· v3
8.5 HIGH· v2
Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over...Show more
Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA Connect”, to interact with the iC Module on behalf of the user. After a client successfully authenticates, they can send plaintext commands to manipulate the device.Show less
CVE-2021-21904
1Garrett
1Ic Module Cma
Jun 17, 2026
Dec 22, 2021
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability
CVE-2021-21903
1Garrett
1Ic Module Cma
Jun 17, 2026
Dec 22, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a ca...Show more
A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this vulnerability.Show less
CVE-2021-21902
1Garrett
1Ic Module Cma
Jun 17, 2026
Dec 22, 2021
N/A· v4
8.1 HIGH· v3
9.3 HIGH· v2
An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via sessi...Show more
An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2021-21901
1Garrett
1Ic Module Cma
Jun 17, 2026
Dec 22, 2021
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a ca...Show more
A stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability.Show less