{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-26941", "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39", "state": "PUBLISHED", "assignerShortName": "NCSC-NL", "dateReserved": "2022-03-11T22:19:24.847Z", "datePublished": "2023-10-19T09:35:52.646Z", "dateUpdated": "2024-09-12T20:28:58.903Z"}, "containers": {"cna": {"affected": [{"vendor": "Motorola", "product": "Mobile Radio", "versions": [{"version": "MTM5000", "status": "affected"}]}], "title": "Format string vulnerability in AT+CTGL command in Motorola MTM5000", "descriptions": [{"lang": "en", "value": "A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-134", "description": "Use of Externally-Controlled Format String", "type": "CWE"}]}], "providerMetadata": {"orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39", "shortName": "NCSC-NL", "dateUpdated": "2024-07-15T00:27:54.327Z"}, "references": [{"name": "TETRA:BURST", "tags": ["related"], "url": "https://tetraburst.com/"}], "credits": [{"lang": "en", "value": "Midnight Blue", "type": "finder"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:X/IR:X/AR:X/MAV:A/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:18:38.375Z"}, "title": "CVE Program Container", "references": [{"name": "TETRA:BURST", "tags": ["related", "x_transferred"], "url": "https://tetraburst.com/"}]}, {"affected": [{"vendor": "motorola", "product": "mobile_radio", "cpes": ["cpe:2.3:a:motorola:mobile_radio:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "mtm5000", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T20:25:32.359297Z", "id": "CVE-2022-26941", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T20:28:58.903Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tetraburst.com/", "name": "TETRA:BURST", "tags": ["related", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:18:38.375Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-26941", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-12T20:25:32.359297Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:motorola:mobile_radio:*:*:*:*:*:*:*:*"], "vendor": "motorola", "product": "mobile_radio", "versions": [{"status": "affected", "version": "mtm5000"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T20:28:53.344Z"}}], "cna": {"title": "Format string vulnerability in AT+CTGL command in Motorola MTM5000", "credits": [{"lang": "en", "type": "finder", "value": "Midnight Blue"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:X/IR:X/AR:X/MAV:A/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Motorola", "product": "Mobile Radio", "versions": [{"status": "affected", "version": "MTM5000"}]}], "references": [{"url": "https://tetraburst.com/", "name": "TETRA:BURST", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "Use of Externally-Controlled Format String"}]}], "providerMetadata": {"orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39", "shortName": "NCSC-NL", "dateUpdated": "2024-07-15T00:27:54.327Z"}}}, "cveMetadata": {"cveId": "CVE-2022-26941", "state": "PUBLISHED", "dateUpdated": "2024-09-12T20:28:58.903Z", "dateReserved": "2022-03-11T22:19:24.847Z", "assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39", "datePublished": "2023-10-19T09:35:52.646Z", "assignerShortName": "NCSC-NL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:mtm5500_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB7C0C44-3660-4B47-A1ED-0BD19EFC5F03", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:mtm5500:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1A0784B-AE84-4457-A884-5C26EEA8D181", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:mtm5400_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF669A29-B983-40F6-BBA9-D9F67E653BEF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:mtm5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "03AA5A43-A1B5-4E1C-A844-691607765E30", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges."}, {"lang": "es", "value": "Existe una vulnerabilidad de cadena de formato en el controlador de comandos AT del firmware de la serie Motorola MTM5000 para el comando AT+CTGL. Una cadena controlable por un atacante se maneja incorrectamente, lo que permite un escenario en el que se puede escribir cualquier cosa en cualquier lugar. Esto se puede aprovechar para obtener la ejecuci\u00f3n de c\u00f3digo arbitrario dentro del binario teds_app, que se ejecuta con privilegios de root."}], "id": "CVE-2022-26941", "lastModified": "2024-11-21T06:54:50.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "cert@ncsc.nl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-19T10:15:09.860", "references": [{"source": "cert@ncsc.nl", "tags": ["Technical Description"], "url": "https://tetraburst.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "https://tetraburst.com/"}], "sourceIdentifier": "cert@ncsc.nl", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "cert@ncsc.nl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}