CVE-2024-23630

EUVD-2024-21124
An arbitrary firmware upload vulnerability exists in the Motorola 
MR2600. An attacker can exploit this vulnerability to achieve code 
execution on the device. Authentication is required, however can be 
bypassed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 CRITICAL
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
XICNA
9 CRITICAL
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
motorolamr2600_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/
https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/