CVE-2021-3460
Published Apr 13, 2021
Last updated 4 years ago
Overview
- Description
- The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
- Source
- psirt@lenovo.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:mh702x_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "638069D4-50A2-47FF-957A-75294EAF99CF",
"versionEndExcluding": "2.0.0.301"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:mh702x:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "034DBE0E-A4C7-4BB9-8DCC-AA0325BC5036"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]