How severe is CVE-2022-26941?

CVE-2022-26941 has a CVSS v3 score of 9.6 (CRITICAL).

CVE-2022-26941

9.6CRITICAL

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anythin

Veröffentlicht: 10/19/2023Aktualisiert: 11/21/2024

Beschreibung

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.

KI-AnalyseKI-gestützt

Betroffene Produkte

motorolamtm5500_firmware

motorolamtm5500

motorolamtm5400_firmware

motorolamtm5400

Referenzen

https://tetraburst.com/
Technical Description
https://tetraburst.com/
Technical Description