CVE-2022-26941
Format string vulnerability in AT+CTGL command in Motorola MTM5000
CVSS Score
9.6
EPSS Score
0.0%
EPSS Percentile
0th
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.
| CWE | CWE-134 |
| Vendor | motorola |
| Product | mobile radio |
| Published | Oct 19, 2023 |
| Last Updated | Sep 12, 2024 |
Stay Ahead of the Next One
Get instant alerts for motorola mobile radio
Be the first to know when new critical vulnerabilities affecting motorola mobile radio are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:X/IR:X/AR:X/MAV:A/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Motorola / Mobile Radio
MTM5000
Credits
Midnight Blue