CVE-2024-23626

A command injection vulnerability exists in the SaveSysLogParams 
parameter of the Motorola MR2600. A remote attacker can exploit this 
vulnerability to achieve command execution. Authentication is required, 
however can be bypassed.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 CRITICAL
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
XICNA
9 CRITICAL
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
motorolamr2600_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-command-injection-vulnerability/
https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-command-injection-vulnerability/