CVSS: 9.6 | EPSS: 0% | CPEs: 2 | EXPL: 0

25 Jan 2024 — An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. • https://blog.exodusintel.com/2024/01/25/motorola-mr2600-authentication-bypass-vulnerability • CWE-287: Improper Authentication; CWE-863: Incorrect Authorization

CVSS: 9.0 | EPSS: 1% | CPEs: 2 | EXPL: 0

25 Jan 2024 — A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, but it can be bypassed. • https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.0 | EPSS: 2% | CPEs: 2 | EXPL: 0

25 Jan 2024 — A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, but it can be bypassed. • https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv4params-command-injection-vulnerability • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 9.0 | EPSS: 2% | CPEs: 2 | EXPL: 0

25 Jan 2024 — A command injection vulnerability exists in the 'SaveSysLogParams' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, but it can be bypassed. • https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-command-injection-vulnerability • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

27 Oct 2023 — A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute-force the WPS PIN, potentially allowing them unauthorized access to a wireless network. • https://web.archive.org/web/20230317174952/https://help.motorolanetwork.com/hc/en-us/articles/9933302506523 • CWE-287: Improper Authentication

CVSS: 9.6 | EPSS: 0% | CPEs: 4 | EXPL: 0

19 Oct 2023 — A format string vulnerability exists in the Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges. • https://tetraburst.com • CWE-134: Use of Externally-Controlled Format String

CVSS: 8.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

19 Oct 2023 — The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptogr... • https://tetraburst.com • CWE-763: Release of Invalid Pointer or Reference; CWE-822: Untrusted Pointer Dereference

CVSS: 8.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

19 Oct 2023 — Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other by overwriting code located in shared RAM or DDR2 memory regions. • https://tetraburst.com • CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges

CVSS: 8.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

19 Oct 2023 — The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG that uses a tick count register as its sole entropy source. Low boot-time entropy and limited re-seeding of the pool render the authentication challenge vulnerable to two attacks. First, due to the limited boot-time pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the e... • https://tetraburst.com • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CVSS: 4.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

01 Sep 2023 — In some cases, when the device is USB-tethered to a host PC and is sharing its mobile network connection with the host PC, if the user originates a call on the device, the device's modem may reset and cause the phone call to fail. This may block the user from dialing emergency services. This patch resolves the device's modem reset issue. • https://en-us.support.motorola.com/app/answers/detail/a_id/175354 • CWE-404: Improper Resource Shutdown or Release