VYPR
Unrated severity · NVD Advisory · Published Jan 26, 2023 · Updated Nov 4, 2025

CVE-2022-41019

Description

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null)' command template.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020, allowing arbitrary command execution via crafted requests.

Vulnerability

A stack-based buffer overflow vulnerability exists in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD router firmware version G5.0.1.5-210720-141020 [1]. Specifically, the overflow occurs in the function managing the 'vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null)' command template. The issue arises from an unsafe use of sprintf to copy user-controlled parameters into a fixed-size stack buffer without proper bounds checking [1].
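The unbounded sprintf pattern described above, next to a bounded and validated form, as an added example that is not the firmware's code. The function names, the 64-byte buffer size and the output format string are assumptions for illustration; only the parameter names and ranges come from the command template in the advisory.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF_LEN 64  /* assumed size; the advisory does not state the real one */
#define CMD_FMT "l2tp name=%s dns=%s mtu=%d mru=%d auth=%s pw=%s"  /* hypothetical */

/* Vulnerable shape (for contrast only): sprintf has no idea how large 'out'
 * is, so the two WORD parameters decide how many bytes get written. */
int build_l2tp_cmd_unsafe(char *out, const char *name, const char *dns,
                          int mtu, int mru, const char *auth, const char *pw)
{
    return sprintf(out, CMD_FMT, name, dns, mtu, mru, auth, pw);
}

/* Range from the command template: <128-16384>. */
static int in_range(int v) { return v >= 128 && v <= 16384; }

/* Accept only the two literals the template allows for a field. */
static int one_of(const char *s, const char *a, const char *b)
{
    return strcmp(s, a) == 0 || strcmp(s, b) == 0;
}

/* Hardened shape: validate enumerated and numeric fields, bound the write
 * with snprintf, and treat truncation as an error rather than passing on a
 * cut-off command. Returns 0 on success, -1 when the input is rejected. */
int build_l2tp_cmd(char *out, size_t out_len, const char *name, const char *dns,
                   int mtu, int mru, const char *auth, const char *pw)
{
    if (!out || out_len == 0)
        return -1;
    out[0] = '\0';
    if (!name || !dns || !auth || !pw)
        return -1;
    if (!one_of(dns, "yes", "no") || !one_of(auth, "on", "off"))
        return -1;
    if (!in_range(mtu) || !in_range(mru))
        return -1;

    int n = snprintf(out, out_len, CMD_FMT, name, dns, mtu, mru, auth, pw);
    if (n < 0 || (size_t)n >= out_len) {  /* n >= out_len means truncated */
        out[0] = '\0';
        return -1;
    }
    return 0;
}
```

The return value of snprintf is the length the full string would have had, which is why comparing it against the buffer size detects an oversized WORD value before the result is used.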

Exploitation

An attacker with high privileges (authenticated access to the router's CLI) can send a crafted sequence of network packets to trigger the overflow. The attacker must supply command parameter values crafted for this purpose, such as values longer than the destination buffer. The CVSS vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates a network-accessible attack vector requiring high privileges and no user interaction [1].

Impact

Successful exploitation leads to arbitrary command execution on the router with root-level privileges, compromising confidentiality, integrity, and availability of the device. The attacker can gain full control over the router.

Mitigation

No vendor patch has been released as of the publication date (2023-01-26) [1]. Users should restrict network access to the router's management interface and monitor for vendor updates. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of that date [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Range: = G5.0.1.5-210720-141020
  • Siretta/QUARTZ-GOLDv5
    Range: G5.0.1.5-210720-141020

Patches

0

No patches discovered yet.

References

1
