CVE-2022-41012

Vulnerability

A stack-based buffer overflow exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020, specifically in the function that handles the no schedule link1 WORD link2 WORD policy (failover|backup) description (WORD|null) command template. The vulnerability is caused by copying user-controlled input into a fixed-size stack buffer without proper bounds checking (CWE-120). [1]

Exploitation

An attacker must have administrative (privileged) access to the DetranCLI interface, requiring valid credentials. The attacker sends a specially crafted network packet containing an overly long argument for one of the WORD parameters in the affected command template, leading to a stack-based buffer overflow. No user interaction beyond authentication is needed. [1]

Impact

Successful exploitation allows arbitrary command execution with root privileges on the device. The attacker can fully compromise the confidentiality, integrity, and availability (CIA) of the router, including reading, modifying, or deleting sensitive data and potentially using the device as a pivot point in the network. [1]

Mitigation

As of publication, Siretta has not released a patched firmware version. The latest available version (G5.0.1.5-210720-141020) remains vulnerable. No workaround has been provided by the vendor. Restricting administrative access to the DetranCLI interface via network segmentation and strong authentication can reduce the attack surface. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. [1]