all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Vulnerability Spotlight: OS command injection, directory traversal and other vulnerabilities found in Siretta Quartz-Gold and FreshTomato

Add to bookmarks
Jan. 26, 2023, 10:15 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered several vulnerabilities in the Siretta Quartz-Gold router. Talos also discovered vulnerabilities in FreshTomato while investigating the Siretta router.

The Siretta Quartz-Gold is an industrial cellular router with several features and services, such as: SSH, UPNP, VPN, SNMP and many others. FreshTomato is an open source firmware based on Linux. The firmware offers several features for Broadcom-based routers.

Quartz-Gold Vulnerabilities

Several OS command injection vulnerabilities were found which could …

cellular cisco cisco talos command command injection directory directory traversal features firmware industrial injection linux open source router services snmp spotlight ssh talos upnp vpn vulnerabilities vulnerability vulnerability spotlight

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

After a 19-month saga, Broadcom finally patches Brocade SANnav bugs 8 minutes ago | malware.news
article broadcom brocade bugs +9
Navigating the cyber seas: Clarity, compliance, and unified endpoint management 8 minutes ago | malware.news
article can clarity compass +10
These SMBs are hot threat targets but they're shrugging off security help an hour ago | malware.news
article companies cybersecurity demand +11
Defending Against ArcaneDoor: How Eclypsium Protects Network Devices 2 hours ago | malware.news
actor adaptive security arcanedoor asa +25
NSA Highlights AI System Security Guidelines 2 hours ago | malware.news
advisory base can companies +23
The private sector probably isn’t coming to save the NVD 2 hours ago | malware.news
analysis backlog coming cves +16
SBOM and the Bill that is Coming 3 hours ago | malware.news
big bill bills coming +9
Micropatches Released for Windows MSHTML Platform Remote Code Execution Vulnerability (CVE-2023-35628) 4 hours ago | malware.news
access akamai application attacker +25
Beware of Fake PoC Repositories & Malicious Code on GitHub 4 hours ago | malware.news
amp article code concept +14

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Physical Security Operations Center - Supervisor

@ Equifax | USA-GA-Alpharetta-JVW3
View on infosec-jobs.com

Network Cybersecurity Engineer - Overland Park, KS Hybrid

@ Black & Veatch | Overland Park, KS, US
View on infosec-jobs.com

Cloud Security Engineer

@ Point72 | United States
View on infosec-jobs.com

Technical Program Manager, Security and Compliance, Cloud Compute

@ Google | New York City, USA; Kirkland, WA, USA
View on infosec-jobs.com

EWT Security | Vulnerability Management Analyst - AM

@ KPMG India | Gurgaon, Haryana, India
View on infosec-jobs.com
View more jobs