CVE-2022-40989

Vulnerability

A stack-based buffer overflow exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD router firmware version G5.0.1.5-210720-141020. The vulnerability is triggered when the bandwidth WORD dlrate <1-9999> dlceil <1-9999> ulrate <1-9999> ulceil <1-9999> priority (highest|high|normal|low|lowest) command template is processed. The affected function uses a pattern such as sprintf(stack_buffer, format_string, command_parameter_1, ...) without proper bounds checking, leading to a classic buffer overflow (CWE-120) [1].

Exploitation

An attacker must first authenticate to the router's CLI (i.e., have local access to the DetranCLI) and then send a sequence of specially-crafted requests that supply overly long command parameters. The overflow occurs on the stack when the format string is processed, allowing the attacker to overwrite critical memory regions [1].

Impact

Successful exploitation results in arbitrary command execution on the target device with high privileges (root). The attacker can achieve full compromise of the router's confidentiality, integrity, and availability (CIA), leading to potential network persistence, data exfiltration, or disruption of services [1].

Mitigation

As of the publication date, the vendor has not released a patched firmware version. Siretta QUARTZ-GOLD users should restrict CLI access to trusted administrators, monitor for unauthorized login attempts, and apply any future firmware updates as soon as they become available [1].