CVE-2022-41030

Vulnerability

Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020 contains several stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. The specific overflow is triggered by the no wlan filter mac address WORD descript WORD command template, where user-supplied input is copied into a fixed-size stack buffer using sprintf() without bounds checking, leading to a classic buffer overflow (CWE-120). [1]

Exploitation

An attacker must have administrative (high-privilege) access to the DetranCLI console, which is reachable via SSH or other management interfaces on the router. The attacker sends a specially-crafted network packet containing an oversized argument for the WORD placeholders in the command. The sequence of requests can be automated, and no user interaction is required beyond the attacker authenticating with sufficient privileges. [1]

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary commands on the router with root privileges. This leads to full compromise of confidentiality, integrity, and availability (CVSS 7.2). The attacker can modify device configuration, exfiltrate sensitive data, or render the device inoperable. [1]

Mitigation

As of the publication date (2023-01-26), no fix or updated firmware version has been released by Siretta. The vendor has confirmed the vulnerability but no patch is available. Administrators should restrict access to the management interface to trusted networks and limit the number of administrative accounts. The device is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing. [1]