CVE-2022-41007
Description
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'port redirect protocol (tcp|udp|tcp/udp) inport <1-65535> dstaddr A.B.C.D export <1-65535> description WORD' command template.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in Siretta QUARTZ-GOLD DetranCLI command parsing allows remote authenticated attackers to execute arbitrary commands.
Vulnerability
A stack-based buffer overflow vulnerability exists in the port redirect protocol command parser of the DetranCLI binary on Siretta QUARTZ-GOLD routers running firmware version G5.0.1.5-210720-141020 [1]. The flaw occurs when the sprintf() function copies user-supplied parameters (e.g., tcp|udp|tcp/udp, inport <1-65535>, dstaddr A.B.C.D, export <1-65535>, description WORD) into a fixed-size stack buffer without proper bounds checking [1]. This pattern affects the command template 'port redirect protocol (tcp|udp|tcp/udp) inport <1-65535> dstaddr A.B.C.D export <1-65535> description WORD' [1].
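The unbounded sprintf() pattern described above, set beside a bounds-checked builder for the same command template, as an added example that is not Siretta's code and not part of the original advisory. The function names, the 128-byte buffer size and the sample values are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF_LEN 128 /* assumed; the page does not give the real buffer size */
/* Unbounded pattern the description refers to (for contrast, not compiled):
 *     char buf[CMD_BUF_LEN];
 *     sprintf(buf, "... description %s", description);   no length limit
 * Hypothetical hardened builder: validates each template field (protocol,
 * ports 1-65535, A.B.C.D with octets 0-255) and rejects, rather than
 * truncates, output that will not fit. Returns 0 on success, -1 if rejected. */
int build_port_redirect(char *out, size_t outlen, const char *proto, long inport,
                        const char *dstaddr, long export_port, const char *desc)
{
    unsigned a, b, c, d;
    char extra;
    if (!out || outlen == 0 || !proto || !dstaddr || !desc) return -1;
    out[0] = '\0';
    if (strcmp(proto, "tcp") && strcmp(proto, "udp") && strcmp(proto, "tcp/udp"))
        return -1;
    if (inport < 1 || inport > 65535 || export_port < 1 || export_port > 65535)
        return -1;
    if (sscanf(dstaddr, "%3u.%3u.%3u.%3u%c", &a, &b, &c, &d, &extra) != 4 ||
        a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    int n = snprintf(out, outlen,
                     "port redirect protocol %s inport %ld dstaddr %u.%u.%u.%u "
                     "export %ld description %s",
                     proto, inport, a, b, c, d, export_port, desc);
    if (n < 0 || (size_t)n >= outlen) { /* an unbounded copy would overflow here */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed input: a description made of `len` filler bytes. */
int try_description(size_t len)
{
    char out[CMD_BUF_LEN], desc[512];
    if (len >= sizeof desc) return -1;
    memset(desc, 'A', len);
    desc[len] = '\0';
    return build_port_redirect(out, sizeof out, "tcp", 8080, "192.168.1.10", 80, desc);
}

int main(void)
{
    return try_description(45) == 0 && try_description(46) == -1 ? 0 : 1;
}
```

With the sample values the fixed part of the command is 82 bytes, so a 45-byte description is the longest that fits the assumed 128-byte buffer with its terminator; anything longer is rejected instead of being written.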
Exploitation
An attacker must have administrative access (High privileges) to the router's CLI [1]. The attacker sends a sequence of specially-crafted network packets containing excessively long parameters in the port redirect command [1]. The vulnerable sprintf() call overflows the stack buffer [1]. No user interaction beyond authentication is required [1].
Impact
Successful exploitation allows arbitrary command execution on the device with root privileges [1]. The attacker can fully compromise confidentiality, integrity, and availability of the router (CVSS 7.2, HIGH) [1].
Mitigation
As of publication date 2023-01-26, no fixed version was available from Siretta [1]. The affected firmware G5.0.1.5-210720-141020 remains vulnerable with no known workaround [1]. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of that date [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = G5.0.1.5-210720-141020
- Siretta/QUARTZ-GOLD v5 Range: G5.0.1.5-210720-141020
Patches
No patches discovered yet.