Vulnerabilities > CVE-2022-41021 - Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
siretta
CWE-787

Summary

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null) options WORD' command template.

Vulnerable Configurations

Part Description Count
OS
Siretta
1
Hardware
Siretta
1

Common Weakness Enumeration (CWE)