Total
64 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39045 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 8.8 HIGH |
| A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-40220 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 8.8 HIGH |
| An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-40222 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 9.8 CRITICAL |
| An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2022-40701 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2023-02-02 | N/A | 8.1 HIGH |
| A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | |||||