Overview
- Description
- A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.
- Source
- cert@ncsc.nl
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:mtm5500_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB7C0C44-3660-4B47-A1ED-0BD19EFC5F03"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:mtm5500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A1A0784B-AE84-4457-A884-5C26EEA8D181"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:motorola:mtm5400_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF669A29-B983-40F6-BBA9-D9F67E653BEF"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:motorola:mtm5400:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "03AA5A43-A1B5-4E1C-A844-691607765E30"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]