{"containers": {"cna": {"affected": [{"product": "COMPACT DC-S BASIC", "vendor": "CIRCUTOR", "versions": [{"status": "affected", "version": "CIR_CDC_v1.2.17"}]}], "credits": [{"lang": "en", "value": "Angel Garcia Moreno reported this vulnerability to CISA."}], "datePublic": "2022-05-17T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any \"Address\" value and it would be copied to a second variable with a \"strcpy\" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-24T17:38:36.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}], "source": {"advisory": "ICSA-22-137-01", "discovery": "EXTERNAL"}, "title": "Circutor COMPACT DC-S BASIC", "workarounds": [{"lang": "en", "value": "Circutor has not responded to requests to work with CISA to mitigate this vulnerability. Users of these affected products are invited to contact Circutor customer support for additional information."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-05-17T18:31:00.000Z", "ID": "CVE-2022-1669", "STATE": "PUBLIC", "TITLE": "Circutor COMPACT DC-S BASIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "COMPACT DC-S BASIC", "version": {"version_data": [{"version_affected": "=", "version_name": "CIR_CDC_v1.2.17", "version_value": "CIR_CDC_v1.2.17"}]}}]}, "vendor_name": "CIRCUTOR"}]}}, "credit": [{"lang": "eng", "value": "Angel Garcia Moreno reported this vulnerability to CISA."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any \"Address\" value and it would be copied to a second variable with a \"strcpy\" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}]}, "source": {"advisory": "ICSA-22-137-01", "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Circutor has not responded to requests to work with CISA to mitigate this vulnerability. Users of these affected products are invited to contact Circutor customer support for additional information."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.719Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T15:51:49.403979Z", "id": "CVE-2022-1669", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T16:18:54.034Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2022-1669", "datePublished": "2022-05-24T17:38:36.592Z", "dateReserved": "2022-05-10T00:00:00.000Z", "dateUpdated": "2025-04-16T16:18:54.034Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.719Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-1669", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-16T15:51:49.403979Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T15:51:51.440Z"}}], "cna": {"title": "Circutor COMPACT DC-S BASIC", "source": {"advisory": "ICSA-22-137-01", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Angel Garcia Moreno reported this vulnerability to CISA."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "CIRCUTOR", "product": "COMPACT DC-S BASIC", "versions": [{"status": "affected", "version": "CIR_CDC_v1.2.17"}]}], "datePublic": "2022-05-17T00:00:00.000Z", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01", "tags": ["x_refsource_MISC"]}], "workarounds": [{"lang": "en", "value": "Circutor has not responded to requests to work with CISA to mitigate this vulnerability. Users of these affected products are invited to contact Circutor customer support for additional information."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any \"Address\" value and it would be copied to a second variable with a \"strcpy\" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-05-24T17:38:36.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Angel Garcia Moreno reported this vulnerability to CISA."}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, "source": {"advisory": "ICSA-22-137-01", "discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "CIR_CDC_v1.2.17", "version_value": "CIR_CDC_v1.2.17", "version_affected": "="}]}, "product_name": "COMPACT DC-S BASIC"}]}, "vendor_name": "CIRCUTOR"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01", "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any \"Address\" value and it would be copied to a second variable with a \"strcpy\" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-121 Stack-based Buffer Overflow"}]}]}, "work_around": [{"lang": "en", "value": "Circutor has not responded to requests to work with CISA to mitigate this vulnerability. Users of these affected products are invited to contact Circutor customer support for additional information."}], "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2022-1669", "STATE": "PUBLIC", "TITLE": "Circutor COMPACT DC-S BASIC", "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2022-05-17T18:31:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2022-1669", "state": "PUBLISHED", "dateUpdated": "2025-04-16T16:18:54.034Z", "dateReserved": "2022-05-10T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-05-24T17:38:36.592Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:circutor:compact_dc-s_basic_firmware:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "EF4F1A36-3E03-4F15-BB01-2F6B759FD683", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:circutor:compact_dc-s_basic:-:*:*:*:*:*:*:*", "matchCriteriaId": "F13E8571-BE1E-4041-81F8-0F59713927DE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any \"Address\" value and it would be copied to a second variable with a \"strcpy\" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n de firewall del portal web de administraci\u00f3n del dispositivo. El dispositivo ejecuta un binario CGI (index.cgi) para ofrecer una aplicaci\u00f3n web de administraci\u00f3n. Una vez autenticado con credenciales v\u00e1lidas en este portal web, un potencial atacante podr\u00eda enviar cualquier valor \"Address\" y \u00e9ste ser\u00eda copiado a una segunda variable con una funci\u00f3n vulnerable \"strcpy\" sin comprobar su longitud. Debido a esto, es posible enviar un valor de direcci\u00f3n largo para desbordar la pila del proceso, controlando la direcci\u00f3n de retorno de la funci\u00f3n"}], "id": "CVE-2022-1669", "lastModified": "2024-11-21T06:41:13.163", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-24T18:15:08.353", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-137-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}