EIP-d52674b0
An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed.
Vulnerability Identifier
- Exodus Intelligence: EIP-d52674b0
- MITRE: CVE-2024-23630
Vulnerability Metrics
- CVSSv2 Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C
- CVSSv2 Score: 7.7
Vendor References
- The affected product is end-of-life and no patches are available.
Discovery Credit
- Exodus Intelligence
Disclosure Timeline
- Disclosed to Vendor: April 29, 2021
- Disclosed to public: January 25, 2024
Further Information
Readers of this advisory who are interested in receiving further details around the vulnerability, mitigations, detection guidance, and more can contact us at sales@exodusintel.com