CVE-2024-23626 — CRITICAL (9.0)

Vulnerability Description

A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

CVSS Score

9.0

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Motorola	Mr2600 Firmware	-
Motorola	Mr2600	-

Related Weaknesses (CWE)

CWE-77

References

https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-commandThird Party Advisory
https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-commandThird Party Advisory

FAQ

What is CVE-2024-23626?

CVE-2024-23626 is a vulnerability with a CVSS score of 9.0 (CRITICAL). A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is ...

How severe is CVE-2024-23626?

CVE-2024-23626 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-23626?

Check the references section above for vendor advisories and patch information. Affected products include: Motorola Mr2600 Firmware, Motorola Mr2600.