How severe is CVE-2022-26941?

CVE-2022-26941 has a CVSS v3 score of 9.6 (CRITICAL).

CVE-2022-26941

9.6CRITICAL

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anythin

Publicado: 10/19/2023Atualizado: 11/21/2024

Descrição

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.

Análise IADesenvolvido por IA

Produtos Afetados

motorolamtm5500_firmware

motorolamtm5500

motorolamtm5400_firmware

motorolamtm5400

Referências

https://tetraburst.com/
Technical Description
https://tetraburst.com/
Technical Description