CVE-2022-41004
Description
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no ip nat outside source (udp|tcp|all) (WORD|null) WORD to A.B.C.D (WORD|null) description (WORD|null)' command template.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Multiple stack-based buffer overflows in Siretta QUARTZ-GOLD DetranCLI allow authenticated remote attackers to execute arbitrary commands via a crafted network packet.
Vulnerability
The Siretta QUARTZ-GOLD industrial router (firmware version G5.0.1.5-210720-141020) contains multiple stack-based buffer overflow vulnerabilities in the DetranCLI command parsing binary. Specifically, the function handling the 'no ip nat outside source (udp|tcp|all) (WORD|null) WORD to A.B.C.D (WORD|null) description (WORD|null)' command template uses a vulnerable sprintf pattern that copies user-supplied parameters into a fixed-size stack buffer without bounds checking [1]. This flaw is classified as CWE-120 (Buffer Copy without Checking Size of Input) [1]. Affected version: Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 [1].
Exploitation
An attacker must have authenticated access to the router's CLI via the DetranCLI interface (e.g., SSH, serial console) and then send a specially-crafted sequence of commands that supply an overly long argument to one of the parameters in the affected command template. The overflow occurs when the malformed parameter is copied into the stack buffer, overwriting adjacent memory including the return address [1]. No user interaction beyond authentication is required; the attack is performed by sending the sequence of malicious requests over the network [1].
Impact
Successful exploitation of this buffer overflow allows the attacker to achieve arbitrary command execution on the device. Given the CVSSv3 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) [1], the attacker gains full compromise of confidentiality, integrity, and availability of the router's operating system at the privilege level of the CLI process (likely root). The attacker does not need any additional privileges beyond administrative access to the CLI.
Mitigation
As of the publication date (2023-01-26), no vendor-supplied patch or firmware update has been announced to address these vulnerabilities [1]. The only mitigation is to restrict access to the DetranCLI interface to trusted, authorized users only, and to monitor for unusual command sequences. If the device is no longer supported or reaches end-of-life, replacement with a supported model should be considered. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of this writing.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = G5.0.1.5-210720-141020
- Siretta/QUARTZ-GOLDv5Range: G5.0.1.5-210720-141020
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.