CVE-2022-40997

Vulnerability

A stack-based buffer overflow exists in the DetranCLI command parsing of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. Specifically, the function handling the gre index <1-8> destination A.B.C.D/M description (WORD|null) command template uses sprintf without proper bounds checking, allowing an attacker to overflow a stack buffer [1]. This vulnerability is classified as CWE-120 (Buffer Copy without Checking Size of Input) [1].

Exploitation

An attacker must have high privileges (CVSSv3 PR:H) to access the DetranCLI interface, typically requiring administrative credentials. By sending a specially-crafted network packet containing an overly long parameter in the gre index command, the attacker can trigger a stack-based buffer overflow [1]. The attack is network-based (AV:N) and does not require user interaction (UI:N) [1].

Impact

Successful exploitation allows arbitrary command execution on the device with the privileges of the DetranCLI process, leading to full compromise of confidentiality, integrity, and availability (CVSSv3 base score 7.2) [1]. The attacker can execute arbitrary commands, potentially gaining persistent access to the router.

Mitigation

As of the publication date (2023-01-26), no fix has been disclosed in the available references [1]. The vendor, Siretta, has not released a patched firmware version. Users should restrict network access to the router's management interface and apply the principle of least privilege to reduce exposure.