CVE-2022-40994

Vulnerability

A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. The flaw is specifically in the function that handles the no firmwall keyword WORD description (WORD|null) command template. The command parameter is copied into a fixed-size stack buffer without proper bounds checking, leading to a buffer overflow [1].

Exploitation

An attacker must have administrative privileges (high privileges) to access the CLI interface. By sending a specially crafted network packet containing an overly long parameter for the vulnerable command, the attacker can trigger a stack-based buffer overflow. No user interaction is required. The vulnerability can be exploited remotely over the network [1].

Impact

Successful exploitation allows the attacker to achieve arbitrary command execution on the device. Since the CLI runs with elevated privileges, the attacker can gain full control of the router, leading to complete compromise of confidentiality, integrity, and availability [1].

Mitigation

As of the publication date (2023-01-26), no patch has been released by the vendor. Mitigation strategies include restricting network access to the CLI interface to trusted users and monitoring for suspicious activity. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [1].