Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-9498

The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for the firmware.

Published

2017-07-31T03:29:00.940

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-354

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	motorola	mx011anm_firmware	mx011an_2.9p6s1_prod_sey	Yes
Hardware	motorola	mx011anm	-	No
Operating System	comcast	xfinity_xr11-20_firmware	-	Yes
Hardware	comcast	xfinity_xr11-20	-	No

References

https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-42.remote-OTA.txt Third Party Advisory ([email protected])
https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-42.remote-OTA.txt Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)