{"vulnerability": "CVE-2021-2190", "sightings": [{"uuid": "976ca139-cc4c-4973-b851-b8c2b3ea4589", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21907", "type": "seen", "source": "https://t.me/cibsecurity/34545", "content": "\u203c CVE-2021-21907 \u203c\n\nA directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors\u00e2\u20ac\u2122 iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T22:23:49.000000Z"}, {"uuid": "02e31257-66c8-476a-a417-417c86af8662", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21904", "type": "seen", "source": "https://t.me/cibsecurity/34537", "content": "\u203c CVE-2021-21904 \u203c\n\nA directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors\u00e2\u20ac\u2122 iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T22:23:37.000000Z"}, {"uuid": "e868c20c-17b8-4f8f-b0dc-47c10e0c87dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21903", "type": "seen", "source": "https://t.me/cibsecurity/34534", "content": "\u203c CVE-2021-21903 \u203c\n\nA stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors\u00e2\u20ac\u2122 iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T22:23:32.000000Z"}, {"uuid": "563c1d55-537b-42ba-a6dc-59fd2789c467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21906", "type": "seen", "source": "https://t.me/cibsecurity/34528", "content": "\u203c CVE-2021-21906 \u203c\n\nStack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called \u00e2\u20ac\u0153CMA Connect\u00e2\u20ac\ufffd, to interact with the iC Module on behalf of the user. Every time a user submits a password to the CLI password prompt, the buffer containing their input is passed as the password parameter to the checkPassword function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T22:23:24.000000Z"}, {"uuid": "51a83c64-2bee-43b7-b8f7-5c17cc25c918", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21901", "type": "seen", "source": "https://t.me/cibsecurity/34530", "content": "\u203c CVE-2021-21901 \u203c\n\nA stack-based buffer overflow vulnerability exists in the CMA check_udp_crc function of Garrett Metal Detectors\u00e2\u20ac\u2122 iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T22:23:27.000000Z"}, {"uuid": "b4b43e20-c4a2-45e6-896d-6e50ca9269bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21909", "type": "seen", "source": "https://t.me/cibsecurity/34529", "content": "\u203c CVE-2021-21909 \u203c\n\nSpecially-crafted command line arguments can lead to arbitrary file deletion in the del .cnt|.log file delete command. An attacker can provide malicious inputs to trigger this vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-12-22T22:23:25.000000Z"}, {"uuid": "3673ef63-ee25-4e69-8f0b-236f8fe0d80b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21900", "type": "seen", "source": "https://t.me/cibsecurity/32735", "content": "\u203c CVE-2021-21900 \u203c\n\nA code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-11-19T22:17:07.000000Z"}, {"uuid": "965f398e-e69b-4534-8ce6-1068900bd75a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-21901", "type": "seen", "source": "https://gist.github.com/alon710/4e65066b15579c2c3762c52212c733a8", "content": "", "creation_timestamp": "2026-02-01T14:20:50.000000Z"}]}