Vulnerabilities > CVE-2022-41026 - Out-of-bounds Write vulnerability in Siretta Quartz-Gold Firmware G5.0.1.5210720141020

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siretta

CWE-787

NVD

Published: 2023-01-26

Updated: 2023-02-02

Summary

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off) options WORD' command template.

Vulnerable Configurations

Part	Description	Count
OS	Siretta Siretta Quartz Gold Firmware G5.0.1.5-210720-141020	1
Hardware	Siretta Siretta Quartz Gold -	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1613