Main Vulnerability Database Vulnerabilities #VU59329

#VU59329 Stack-based buffer overflow in Garrett Metal Detectors iC Module CMA - CVE-2021-21906

Published: January 10, 2022

Vulnerability identifier: #VU59329

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-21906

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Garrett Metal Detectors iC Module CMA

Software vendor:
Garrett Metal Detectors

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the "checkPassword" CMA readfile function. A remote administrator can use a specially crafted file, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1357

#VU59329 Stack-based buffer overflow in Garrett Metal Detectors iC Module CMA - CVE-2021-21906

Description

Remediation

External links

Please verify you're human