CVE-2022-42492
Description
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's DOWNLOAD_AD command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
OS command injection in Siretta QUARTZ-GOLD's m2m binary via DOWNLOAD_AD command allows unauthenticated remote code execution.
Vulnerability
An OS command injection vulnerability exists in the m2m binary of Siretta QUARTZ-GOLD firmware version G5.0.1.5-210720-141020. The vulnerability is triggered via the DOWNLOAD_AD command, which calls m2m_parse_router_config and unsafely passes user-controlled input to the system() function [1]. An attacker can send a specially crafted UDP packet to the m2m service to exploit this.
Exploitation
An unauthenticated attacker with network access to the device can send a specially crafted UDP packet to the m2m service. The packet must include the DOWNLOAD_AD command with a malicious payload embedded in its parameters. No prior authentication or user interaction is required [1].
Impact
Successful exploitation leads to arbitrary command execution with root privileges, allowing the attacker to fully compromise the device, exfiltrate data, install persistent backdoors, or disrupt network operations [1].
Mitigation
As of the publication date, no patched firmware version has been released. If the m2m service is not required, it should be disabled. Network access to the m2m UDP service should be restricted to trusted hosts only [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: = G5.0.1.5-210720-141020
- Siretta/QUARTZ-GOLD v5 Range: G5.0.1.5-210720-141020
Patches
No patches discovered yet.
References