CVE-2022-41015
Description
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off)' command template.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in Siretta QUARTZ-GOLD DetranCLI command parsing allows authenticated remote attackers to execute arbitrary commands.
Vulnerability
A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020 [1]. The flaw is located in the function that processes the vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off) command template. The vulnerable code pattern involves using sprintf(stack_buffer, format_string, command_parameter_1, ...) without proper bounds checking, leading to a classic buffer overflow (CWE-120) [1]. The vulnerability is reachable when a user with administrative CLI access provides overly long parameters that overflow the fixed-size stack buffer.
Exploitation
An attacker must have administrative (high-privilege) access to the QUARTZ-GOLD router's CLI via a network connection (e.g., SSH, serial console). Exploitation involves sending a sequence of specially-crafted commands with excessively long arguments in the vpn basic protocol command fields (e.g., the name, server, username, password, or firmwall/defroute values). The crafted input overflows the stack buffer, allowing overwrite of the return address and control of execution flow [1]. According to the reference, this can be performed without user interaction beyond the authenticated session.
Impact
Successful exploitation allows an authenticated remote attacker to achieve arbitrary command execution on the device with root privileges. This leads to full compromise of the router's confidentiality, integrity, and availability (CIA). An attacker could read or modify configuration data, intercept network traffic, install persistent malware, or disrupt routing operations. The CVSSv3 score is 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) [1].
Mitigation
As of the publication date (2023-01-26), no patched firmware version has been released by Siretta for the QUARTZ-GOLD G5.0.1.5-210720-141020 [1]. The only mitigation is to restrict administrative CLI access to trusted networks and users, enforce strong authentication, and monitor for unusual command sequences. The router has reached end-of-life status according to some sources; if so, replacement with a supported device is recommended. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = G5.0.1.5-210720-141020
- Siretta/QUARTZ-GOLDv5Range: G5.0.1.5-210720-141020
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.