CVE-2024-23630

CVE Database · CVE-2024-23630

CVE-2024-23630

· CRITICALModified

CVSS v3.1

9.0

EPSS

1.48%

Published

Jan 25, 2024

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-434CWE-434

Affected Products (2)

motorola · mr2600_firmwarevulnerable

motorola · mr2600

References (2)

https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/

Third Party Advisory

https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs