CVE-2022-41006

Vulnerability

A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020 [1]. The flaw resides in the function that handles the no ip static route destination A.B.C.D gateway A.B.C.D mask A.B.C.D metric <0-10> interface (lan|wan|vpn) description WORD command template. The use of sprintf without proper bounds checking on user-supplied parameters allows an attacker to overflow a stack buffer [1].

Exploitation

An attacker must first authenticate to the router's CLI interface (e.g., via SSH or telnet) with high privileges (administrator level) [1]. By sending a crafted command with an overly long parameter in the description WORD field, the attacker triggers a stack-based buffer overflow. The CVSS vector indicates network access is required, and no user interaction is needed beyond the authenticated session [1].

Impact

Successful exploitation leads to arbitrary command execution on the device with root privileges. This can result in full compromise of the router, including disclosure of sensitive data, modification of configuration, and denial of service [1]. The CVSSv3 score is 7.2 (High) with impacts to confidentiality, integrity, and availability all rated as High [1].

Mitigation

As of the publication date (2023-01-26), no official fix or firmware update has been announced by Siretta in the available reference [1]. Users are advised to restrict access to the CLI interface to trusted administrators and monitor for vendor updates. The product may be end-of-life; contact Siretta for support.