Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Format string vulnerability in AT+CTGL command in Motorola MTM5000
Vulnerability Description
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
使用外部控制的格式字符串
Vulnerability Title
Motorola MTM5000 格式化字符串错误漏洞
Vulnerability Description
Motorola MTM5000是美国摩托罗拉(Motorola)公司的一种移动收音机。 Motorola MTM5000 存在安全漏洞,该漏洞源于命令处理程序中的 AT+CTGL 命令存在格式字符串漏洞,导致出现随处写入的情况,攻击者利用该漏洞可以在 teds_app 二进制文件中获得任意代码执行,该二进制文件以 root 权限运行。
CVSS Information
N/A
Vulnerability Type
N/A