CVE-2022-41013

Vulnerability

A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD industrial router firmware version G5.0.1.5-210720-141020. The flaw resides in the function that handles the command template 'static dhcp mac WORD (WORD|null) ip A.B.C.D hostname (WORD|null) description (WORD|null)'. The parsing logic uses sprintf without proper bounds checking, allowing an attacker to overflow a stack buffer by supplying an overly long parameter value [1].

Exploitation

An attacker must first authenticate to the device's CLI interface (requiring high privileges). Once authenticated, the attacker can send a sequence of specially-crafted network packets that trigger the vulnerable command parsing. No additional user interaction is required beyond the initial authentication. The overflow occurs during the processing of the crafted command parameters, leading to control-flow hijacking [1].

Impact

Successful exploitation grants arbitrary command execution on the device, typically with root privileges. This enables a full compromise of the router, allowing the attacker to read sensitive data, modify configuration, launch further attacks, or render the device unusable. The CVSSv3 score is 7.2 (High), reflecting the potential for complete compromise of confidentiality, integrity, and availability [1].

Mitigation

As of the publication date (2023-01-26), no official fix or updated firmware version has been publicly released by Siretta. Users are advised to restrict network access to the management interface (e.g., SSH, web console) to trusted IP ranges only, and monitor the vendor's advisory channels for future patches. Until a fix is available, limiting who can authenticate to the CLI reduces the attack surface [1].