CVE-2022-41029

Vulnerability

The vulnerability is a stack-based buffer overflow in the DetranCLI command parsing of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. Specifically, the function handling the 'wlan filter mac address WORD descript WORD' command uses sprintf to copy user-supplied parameters into a fixed-size stack buffer without bounds checking, leading to overflow. [1]

Exploitation

An attacker needs network access to the router and valid administrative credentials (privilege level required to execute DetranCLI commands). The attacker sends a sequence of specially crafted network packets containing the vulnerable command with overly long parameters, causing a stack buffer overflow. This can overwrite the return address and other stack data, leading to arbitrary code execution. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the router with root privileges, resulting in full compromise of confidentiality, integrity, and availability. The CVSSv3 score is 7.2 (High). [1]

Mitigation

As of the advisory publication date (January 2023), no patch has been released by Siretta. Users should restrict network access to the router's management interface and ensure only trusted administrators have credentials. The product may be end-of-life; consult vendor for updates. [1]