CVE-2022-40987

Vulnerability

A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD router firmware version G5.0.1.5-210720-141020 [1]. The flaw is located in the function that handles the (ddns1|ddns2) username WORD password CODE command template. The use of sprintf without proper bounds checking leads to a buffer overflow when a long string is supplied for the WORD parameter [1].

Exploitation

An attacker must have administrative privileges (PR:H) to access the DetranCLI interface via SSH, web, or local console. By sending a specially crafted sequence of requests containing an overly long username parameter in the DDNS configuration command, the attacker can trigger the stack-based buffer overflow [1]. No user interaction is required beyond the initial authenticated session.

Impact

Successful exploitation allows arbitrary command execution with root privileges on the device. This results in full compromise of confidentiality, integrity, and availability, enabling the attacker to install malware, exfiltrate data, or disrupt network services [1].

Mitigation

As of the publication date, no patched firmware version has been released by Siretta [1]. The vendor has confirmed the vulnerability but a fix is not available. Administrators should restrict access to the CLI interface to trusted users only and monitor for suspicious activity. The device is not listed on CISA's Known Exploited Vulnerabilities catalog.