A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.
References
Link Providers
https://tetraburst.com/ cve-icon cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: NCSC-NL

Published: 2023-10-19T09:35:52.646Z

Updated: 2024-09-12T20:28:58.903Z

Reserved: 2022-03-11T22:19:24.847Z

Link: CVE-2022-26941

cve-icon Vulnrichment

Updated: 2024-08-03T05:18:38.375Z

cve-icon NVD

Status : Modified

Published: 2023-10-19T10:15:09.860

Modified: 2024-11-21T06:54:50.533

Link: CVE-2022-26941

cve-icon Redhat

No data.