CVE-2022-26941— Format string vulnerability in AT+CTGL command in Motorola MTM5000
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-26941
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Format string vulnerability in AT+CTGL command in Motorola MTM5000
Source: NVD (National Vulnerability Database)
Vulnerability Description
A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用外部控制的格式字符串
Source: NVD (National Vulnerability Database)
Vulnerability Title
Motorola MTM5000 格式化字符串错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Motorola MTM5000是美国摩托罗拉(Motorola)公司的一种移动收音机。 Motorola MTM5000 存在安全漏洞,该漏洞源于命令处理程序中的 AT+CTGL 命令存在格式字符串漏洞,导致出现随处写入的情况,攻击者利用该漏洞可以在 teds_app 二进制文件中获得任意代码执行,该二进制文件以 root 权限运行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Motorola | Mobile Radio | MTM5000 | - |
II. Public POCs for CVE-2022-26941
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-26941
请登录查看更多情报信息。
Same Patch Batch · Motorola · 2023-10-19 · 4 CVEs total
| CVE-2022-26943 | 8.8 HIGH | Weak PRNG entropy source used for authentication challenge generation in Motorola MTM5000 |
| CVE-2022-26942 | 8.2 HIGH | Multiple missing pointer validation checks in trusted execution module in Motorola MTM5000 |
| CVE-2022-27813 | 8.1 HIGH | Unconfigured memory protection modules in Motorola MTM5000 |
IV. Related Vulnerabilities
Same weakness: CWE-134
- CVE-2026-44407
Remote Denial of Service Vulnerability Exists in ZTE Cloud P - CVE-2026-6539
Notepad++ 8.9.3 Format String Injection via nativeLang.xml - CVE-2026-6843
Nano: nano: format string vulnerability leads to denial of s - CVE-2026-3509
CODESYS Control Audit Log Format String DoS - CVE-2026-33210
Ruby JSON has a format string injection vulnerability
V. Comments for CVE-2022-26941
No comments yet