CVE-2022-41010

Vulnerability

A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. The flaw is triggered when processing the 'no port triger protocol (tcp|udp|tcp/udp) triger port <1-65535> forward port <1-65535> description WORD' command template. The vulnerable code uses sprintf(stack_buffer, format_string, command_parameter_1, ...) without proper bounds checking, allowing an attacker to overflow the stack [1].

Exploitation

An attacker with authenticated access to the DetranCLI (required high privileges, CVSSv3 PR:H) can send a specially crafted sequence of network packets to the router's management interface. The crafted input, when parsed by the vulnerable command handler, overwrites the stack buffer and corrupts adjacent memory, enabling arbitrary command execution. No user interaction beyond authentication is needed [1].

Impact

Successful exploitation grants the attacker arbitrary command execution on the device with root privileges. This allows full compromise of confidentiality, integrity, and availability (CVSSv3 base score 7.2, AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The attacker can install persistent backdoors, exfiltrate sensitive data, or disrupt network operations [1].

Mitigation

As of the publication date (2023-01-26), no official patch or firmware update has been released by Siretta to address this vulnerability. The vulnerable version QUARTZ-GOLD G5.0.1.5-210720-141020 remains affected. Mitigation options include restricting network access to the management interface (e.g., via firewall rules) and ensuring the device is not exposed to untrusted networks. Users should monitor vendor advisories for future updates [1].