
CVSS: 8.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 May 2022 — A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value, and it would be copied to a second variable with the vulnerable "strcpy" function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, con... • https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01 • CWE-121: Stack-based Buffer Overflow

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 1

02 Dec 2021 — Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firmware version CIR_CDC_v1.2.17 allows attackers to execute arbitrary code. • https://github.com/Ell0/plc_concentrator_vulns • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')