CVE-2022-42490
Description
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OS command injection in Siretta QUARTZ-GOLD's m2m service allows remote unauthenticated attackers to execute arbitrary commands via the DOWNLOAD_CFG_FILE command.
Vulnerability
The Siretta QUARTZ-GOLD industrial router (firmware version G5.0.1.5-210720-141020) contains an OS command injection vulnerability in the m2m binary. The vulnerability exists within the m2m_parse_router_config function, which constructs an nvram set command using sprintf and executes it via system(). User-supplied data from a network request is incorporated into the command without sanitization, allowing arbitrary command execution. The DOWNLOAD_CFG_FILE command is one of the commands that triggers this vulnerable code path [1].
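The sprintf-plus-system() pattern described above, next to a hardened form, as an added illustration. This is not Siretta's code: the function names, the `cfg_url` key and the sample value are constructed, and an `nvram` tool that accepts `set key=value` is assumed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern: request data is formatted into a shell command line.
 * Only the string is built here; passing it to system() would let /bin/sh
 * interpret any metacharacters contained in val. */
int build_cmd_unsafe(char *out, size_t n, const char *key, const char *val)
{
    return snprintf(out, n, "nvram set %s=%s", key, val);
}

/* Allowlist check: 1..64 chars of letters, digits and "_.:/-" only. */
int token_ok(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 64) return 0;
    for (size_t i = 0; i < len; i++)
        if (!isalnum((unsigned char)s[i]) && !strchr("_.:/-", s[i]))
            return 0;
    return 1;
}

/* Hardened form: validate first, then exec the tool directly with an argv
 * array so no shell parses the data. Returns -1 when input is rejected. */
int nvram_set_safe(const char *key, const char *val)
{
    char kv[160];
    if (!token_ok(key) || !token_ok(val)) return -1;
    snprintf(kv, sizeof kv, "%s=%s", key, val);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *argv[] = { "nvram", "set", kv, NULL };
        execvp(argv[0], argv);
        _exit(127);                 /* tool not found on this host */
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    char cmd[128];
    build_cmd_unsafe(cmd, sizeof cmd, "cfg_url", "a;id"); /* constructed input */
    printf("unsafe: %s\nsafe rc: %d\n", cmd, nvram_set_safe("cfg_url", "a;id"));
    return 0;
}
```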
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted UDP packet to the m2m service running on the device. No authentication is required. The packet must conform to the specific format expected by the service. The attacker embeds malicious commands within the parameters of the DOWNLOAD_CFG_FILE command. When the service processes the packet, the injected commands are passed to the system() call, resulting in execution [1].
Impact
Successful exploitation allows an unauthenticated remote attacker to execute arbitrary operating system commands with root privileges. This can lead to full compromise of the device, including data exfiltration, installation of malware, or further network attacks [1].
Mitigation
As of the publication date, no fix or workaround has been disclosed in the available references. The affected version is Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. Users should monitor vendor updates and restrict network access to the m2m service until a patch is released [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = G5.0.1.5-210720-141020
- Siretta/QUARTZ-GOLD v5, Range: G5.0.1.5-210720-141020
Patches
No patches discovered yet.
References