CVE-2022-26941

CVE Database · CVE-2022-26941

CVE-2022-26941

· CRITICALModified

CVSS v3.1

9.6

EPSS

0.33%

Published

Oct 19, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-134CWE-134

Affected Products (4)

motorola · mtm5500_firmwarevulnerable

motorola · mtm5500

motorola · mtm5400_firmwarevulnerable

motorola · mtm5400

References (2)

https://tetraburst.com/

Technical Description

https://tetraburst.com/

Technical Description

KEV Catalog EPSS Scores Vendors All CVEs