Garrett Walk-Through Metal Detector Vulnerability Discovered

Security flaws have been uncovered in a networking component of Garrett metal detectors that could allow remote attackers to bypass authentication requirements, tamper with metal detector configurations, and even execute arbitrary code on the devices.

Cisco Talos noted in its published disclosure that “An attacker could manipulate this module to remotely monitor statistics on the metal detector, such as whether the alarm has been triggered or how many visitors have walked through, they could also make configuration changes, such as altering the sensitivity level of a device, which potentially poses a security risk to users who rely on these metal detectors.”

Matt Wiseman has been credited with discovering and reporting these vulnerabilities on August 17, 2021. The vendor released patches on December 13, 2021.

The flaws reside in the Garrett iC Module, which lets users communicate with walk-through metal detectors such as the Garrett PD 6500i or Garrett MZ 6100 from a computer over the network, either wired or wireless. It allows customers to control and monitor the devices from a remote location in real time.

The list of security vulnerabilities is below –

CVE-2021-21901 (CVSS score: 9.8), CVE-2021-21903 (CVSS score: 9.8), CVE-2021-21905, and CVE-2021-21906 (CVSS scores: 8.2) – Stack-based buffer overflow vulnerabilities that can be triggered by sending a malicious packet to the device.

CVE-2021-21902 (CVSS score: 7.5) – An authentication bypass vulnerability stemming from a race condition that can be triggered by sending a sequence of requests.

CVE-2021-21904 (CVSS score: 9.1), CVE-2021-21907 (CVSS score: 4.9), CVE-2021-21908, and CVE-2021-21909 (CVSS scores: 6.5) – Directory traversal vulnerabilities that could be exploited by sending specially crafted commands.

Successful exploitation of the aforementioned flaws in iC Module CMA version 5.0 could allow an attacker to hijack an authenticated user's session; read, write, or delete arbitrary files on the device; and, worse, achieve remote code execution.

Users are strongly advised to update to the latest version of the firmware as soon as possible.
