CVE-2022-40986

Vulnerability

A stack-based buffer overflow exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. The vulnerability is triggered when handling the (ddns1|ddns2) mx WORD command template due to an unsafe sprintf() call that copies user-supplied input into a fixed-size stack buffer without proper bounds checking. This vulnerability is a classic buffer overflow (CWE-120) and affects the DetranCLI binary which manages router configuration. [1]

Exploitation

An attacker must have administrative access (high privileges) to the QUARTZ-GOLD's CLI interface over the network. No user interaction is required beyond sending a crafted sequence of commands. The attacker provides an overly long string as the WORD parameter in the (ddns1|ddns2) mx WORD command, which directly overflows the stack buffer when processed by the vulnerable sprintf() pattern. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary commands on the device with root privileges. The impact includes complete compromise of confidentiality, integrity, and availability (CIA) of the router, as the attacker can modify configurations, intercept traffic, or render the device inoperable. [1]

Mitigation

Siretta has not released a firmware patch as of the publication date; users are advised to restrict network access to the CLI interface to trusted administrators only. The vulnerable version is G5.0.1.5-210720-141020, and no workaround is available that fully addresses the buffer overflow. [1]