CVE-2022-41030

Name of the Vulnerable Software and Affected Versions Siretta QUARTZ-GOLD version 5.0.1.5-210720-141020

Description The issue concerns stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities, specifically targeting the function that manages the no wlan filter mac address WORD descript WORD command template.

Recommendations For Siretta QUARTZ-GOLD version 5.0.1.5-210720-141020, as a temporary workaround, consider disabling the command parsing functionality for the no wlan filter mac address WORD descript WORD command template until a patch is available. Restrict access to the DetranCLI to minimize the risk of exploitation. Avoid using the vulnerable command template in the affected functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.