CVE-2022-41005

Vulnerability

A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. The flaw resides in the function that handles the ip static route destination A.B.C.D gateway A.B.C.D mask A.B.C.D metric <0-10> interface (lan|van|vpn) description WORD command template. The vulnerability is a classic buffer overflow (CWE-120) caused by the use of sprintf with user-supplied parameters without proper bounds checking [1].

Exploitation

An attacker must have administrative access (high privileges) to the QUARTZ-GOLD router's CLI. The attack is network-based and requires no user interaction. The attacker sends a specially crafted sequence of requests containing oversized input in one of the command parameters, which overflows the stack-based buffer during parsing by sprintf [1].

Impact

Successful exploitation leads to arbitrary command execution on the device, with full system privileges as the DetranCLI process runs with root-level permissions. This results in complete compromise of confidentiality, integrity, and availability (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, score 7.2) [1].

Mitigation

As of the publication date (2023-01-26), the vendor had not released a fixed firmware version. The only available reference confirms the vulnerability in version G5.0.1.5-210720-141020 [1]. No workaround is documented. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog at the time of writing.