A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://tetraburst.com/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: NCSC-NL
Published: 2023-10-19T09:35:52.646Z
Updated: 2024-09-12T20:28:58.903Z
Reserved: 2022-03-11T22:19:24.847Z
Link: CVE-2022-26941
Vulnrichment
Updated: 2024-08-03T05:18:38.375Z
NVD
Status : Modified
Published: 2023-10-19T10:15:09.860
Modified: 2024-11-21T06:54:50.533
Link: CVE-2022-26941
Redhat
No data.