How severe is CVE-2022-26941?

CVE-2022-26941 has a CVSS v3 score of 9.6 (CRITICAL).

CVE-2022-26941

9.6CRITICAL

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anythin

Опубликовано: 10/19/2023Обновлено: 11/21/2024

Описание

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.

ИИ-АнализНа базе ИИ

Затронутые продукты

motorolamtm5500_firmware

motorolamtm5500

motorolamtm5400_firmware

motorolamtm5400

Ссылки

https://tetraburst.com/
Technical Description
https://tetraburst.com/
Technical Description