VYPR
← All advisories
Unrated severityNVD Advisory· Published Jan 26, 2023· Updated Nov 4, 2025

CVE-2022-41014

CVE-2022-41014

Description

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no static dhcp mac WORD (WORD|null) ip A.B.C.D hostname (WORD|null) description (WORD|null)' command template.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack-based buffer overflow in Siretta QUARTZ-GOLD router's DetranCLI allows authenticated remote attackers to execute arbitrary commands via crafted 'no static dhcp mac' command.

Vulnerability

A stack-based buffer overflow exists in the DetranCLI command parsing of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020 [1]. The vulnerability is in the function that processes the no static dhcp mac WORD (WORD|null) ip A.B.C.D hostname (WORD|null) description (WORD|null) command template. The use of sprintf without bounds checking on user-supplied parameters allows an attacker to overflow a stack buffer [1].

Exploitation

An attacker must have authenticated access to the router's CLI with high privileges (administrator level) [1]. The attacker sends a sequence of requests with overly long parameters for the mac, ip, hostname, or description fields, causing a stack buffer overflow. No user interaction is required beyond the attacker's own actions [1].

Impact

Successful exploitation results in arbitrary command execution with root privileges, leading to full compromise of the device's confidentiality, integrity, and availability [1].

Mitigation

As of the publication date, no official fix has been disclosed in the available references [1]. Users should restrict network access to the CLI interface, enforce strong authentication, and monitor for suspicious activity. Contacting Siretta for firmware updates is recommended.

References
  1. TALOS-2022-1613 || Cisco Talos Intelligence Group

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Siretta/QUARTZ-GOLDllm-fuzzy
    Range: = G5.0.1.5-210720-141020
  • Siretta/QUARTZ-GOLDv5
    Range: G5.0.1.5-210720-141020

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.