CVE-2022-41002

Vulnerability

A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. The flaw resides in the function that processes the no icmp check link WORD destination WORD interval <1-255> retries <1-255> description (WORD|null) command template. When user-supplied parameters are copied into a fixed-size stack buffer using sprintf without proper bounds checking, an attacker can overflow the buffer and overwrite adjacent memory [1].

Exploitation

An attacker must have network access to the router and possess high privileges (administrative credentials) to interact with the DetranCLI interface. By sending a specially crafted network packet containing an overly long parameter in the vulnerable command template, the attacker triggers the buffer overflow. The sequence involves authenticating to the router's CLI and issuing the malformed command [1].

Impact

Successful exploitation allows the attacker to achieve arbitrary command execution with root privileges on the device. This results in full compromise of confidentiality, integrity, and availability, as the attacker can read, modify, or delete sensitive data, install malware, or disrupt router operations [1].

Mitigation

As of the publication date (2023-01-26), no official patch or firmware update has been released by Siretta to address this vulnerability. The vendor has not confirmed a fix timeline. As a workaround, restrict network access to the router's management interface to trusted hosts only and disable the DetranCLI service if not required. This CVE is not listed in the CISA Known Exploited Vulnerabilities catalog [1].