MR2600 Command Injection Vulnerability

Potential Impact: Arbitrary code execution

Severity: High

Scope of Impact: Motorola-specific

CVE Identifier: CVE-2022-34885

Summary Description:

An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.

Mitigation Strategy for Customers (what you should do to protect yourself):

Motorola recommends updating the Motorola MR2600 router to software version 1.0.22 .

Product	Affected Version	Update Download Link
MR2600	All versions prior to 1.0.22	https://help.motorolanetwork.com/kb/mr2600/mr2600-software-updates#previous-software-updates

Acknowledgement:

Motorola thanks Jiaqian Peng from Institute of Information Engineering, Chinese Academy of Science for reporting this vulnerability.

References:

https://help.motorolanetwork.com/kb/mr2600/mr2600-software-updates

Revision History:

Revision	Date	Description
1	2022-08-17	Initial release

Aug 20, 2024

Summary Description:

Mitigation Strategy for Customers (what you should do to protect yourself):

Acknowledgement:

References:

Revision History:

Next Article in Topic

Previous Article in Topic

Related Articles

Was this article helpful?

Contact Us