CVE-2022-42491
Description
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is reachable through the m2m's M2M_CONFIG_SET command
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Siretta QUARTZ-GOLD G5.0.1.5-210720-141020 contains OS command injection vulnerabilities in the m2m binary's M2M_CONFIG_SET command, allowing unauthenticated remote attackers to execute arbitrary commands.
Vulnerability
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. These vulnerabilities are reachable through the M2M_CONFIG_SET command handled by the m2m_parse_router_config function [1]. The function uses user-supplied data from a UDP packet to construct an nvram set command string, which is then passed to system() without sanitization [1]. The M2M_CONFIG_SET command is one of several commands that invoke this vulnerable codepath. The affected version is G5.0.1.5-210720-141020 [1].
Exploitation
An attacker can exploit this vulnerability by sending a specially-crafted network request to the device with the M2M service enabled [1]. The attacker does not require any authentication or prior access; the service listens for UDP packets and processes commands like M2M_CONFIG_SET [1]. By injecting shell metacharacters (e.g., semicolons or backticks) into the command string, the attacker can cause the system() call to execute arbitrary OS commands [1]. The attack vector is network-based and requires no user interaction.
Impact
Successful exploitation allows the attacker to execute arbitrary operating system commands with the privileges of the m2m process, typically root [1]. This leads to complete compromise of the affected device, including full control over data confidentiality, integrity, and availability. An attacker could modify configuration, exfiltrate sensitive data, pivot to internal networks, or use the device as a persistent foothold [1]. The CVSSv3 score is 9.8 (Critical) with impact to confidentiality, integrity, and availability all rated as HIGH [1].
Mitigation
As of the publication date, Siretta has not released a patched version to address these vulnerabilities [1]. The vendor confirmed the vulnerability in version G5.0.1.5-210720-141020 [1]. If possible, disable the M2M service if not required, or restrict network access to the device using firewall rules to allow only trusted hosts. No workaround has been provided by the vendor. The CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: = G5.0.1.5-210720-141020
- Siretta/QUARTZ-GOLDv5Range: G5.0.1.5-210720-141020
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.