CVE-2022-41008

Vulnerability

The vulnerability is a stack-based buffer overflow in the DetranCLI command parsing of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. Specifically, the function handling the 'no port redirect protocol (tcp|udp|tcp/udp) inport <1-65535> dstaddr A.B.C.D export <1-65535> description WORD' command uses sprintf to copy user-supplied parameters into a fixed-size stack buffer without bounds checking, leading to overflow [1]. The vulnerability is present in the DetranCLI binary which provides the router's console interface.

Exploitation

An attacker must have administrative privileges (high privileges) to access the DetranCLI and send the crafted command. The attacker sends a specially-crafted network packet containing the vulnerable command with overly long parameters, causing a stack buffer overflow. The overflow can overwrite the return address and other stack data, leading to arbitrary command execution [1]. No user interaction beyond authentication is required.

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the router with root privileges, leading to full compromise of the device. This can result in disclosure of sensitive information, modification of device configuration, and denial of service. The CVSS score is 7.2 (High) with vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H [1].

Mitigation

As of the advisory publication date (2023-01-26), no patch has been released by Siretta. The vendor has confirmed the vulnerability but no fixed version is available. Users should restrict network access to the router's management interfaces and apply the principle of least privilege to limit exposure. The device is not listed on CISA's Known Exploited Vulnerabilities catalog as of the advisory date [1].