- Description
- The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
- Source
- psirt@lenovo.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:mh702x_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "638069D4-50A2-47FF-957A-75294EAF99CF",
"versionEndExcluding": "2.0.0.301"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:mh702x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "034DBE0E-A4C7-4BB9-8DCC-AA0325BC5036"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]