CVE-2022-26941


A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.


Published: 2023-10-19T10:15:09.860

Last Modified: 2024-11-21T06:54:50.533

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 9.6 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-134
  • Type: Primary
    CWE-134

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | motorola | mtm5500_firmware | - | Yes |
| Hardware | motorola | mtm5500 | - | No |
| Operating System | motorola | mtm5400_firmware | - | Yes |
| Hardware | motorola | mtm5400 | - | No |