CVE-2024-23628 - OpenCVE

A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Motorola	Mr2600 Mr2600 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:motorola:mr2600_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:motorola:mr2600:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/

History

No history.

MITRE

Status: PUBLISHED

Assigner: XI

Published: 2024-01-25T23:41:27.462Z

Updated: 2024-08-23T19:14:40.486Z

Reserved: 2024-01-18T21:37:19.591Z

Link: CVE-2024-23628

Vulnrichment

Updated: 2024-08-01T23:06:25.456Z

NVD

Status : Analyzed

Published: 2024-01-26T00:15:11.273

Modified: 2024-02-01T19:40:28.237

Link: CVE-2024-23628

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23628", "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "state": "PUBLISHED", "assignerShortName": "XI", "dateReserved": "2024-01-18T21:37:19.591Z", "datePublished": "2024-01-25T23:41:27.462Z", "dateUpdated": "2024-08-23T19:14:40.486Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MR2600", "vendor": "Motorola", "versions": [{"status": "affected", "version": "1.0.7"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Exodus Intelligence"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A command injection vulnerability exists in the \n'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote \nattacker can exploit this vulnerability to achieve command execution. \nAuthentication is required, however can be bypassed."}], "value": "A command injection vulnerability exists in the \n'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote \nattacker can exploit this vulnerability to achieve command execution. \nAuthentication is required, however can be bypassed."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "shortName": "XI", "dateUpdated": "2024-01-25T23:41:27.462Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/"}], "source": {"discovery": "INTERNAL"}, "title": "Motorola MR2600 SaveStaticRouteIPv6Params Command Injection Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.456Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/"}]}, {"affected": [{"vendor": "motorola", "product": "mr2600_firmware", "cpes": ["cpe:2.3:o:motorola:mr2600_firmware:1.0.7:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.7", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-23T19:11:05.837374Z", "id": "CVE-2024-23628", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T19:14:40.486Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.456Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23628", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-23T19:11:05.837374Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:motorola:mr2600_firmware:1.0.7:*:*:*:*:*:*:*"], "vendor": "motorola", "product": "mr2600_firmware", "versions": [{"status": "affected", "version": "1.0.7"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-23T19:14:33.203Z"}}], "cna": {"title": "Motorola MR2600 SaveStaticRouteIPv6Params Command Injection Vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Exodus Intelligence"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV2_0": {"version": "2.0", "baseScore": 7.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Motorola", "product": "MR2600", "versions": [{"status": "affected", "version": "1.0.7"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the \n'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote \nattacker can exploit this vulnerability to achieve command execution. \nAuthentication is required, however can be bypassed.", "supportingMedia": [{"type": "text/html", "value": "A command injection vulnerability exists in the \n'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote \nattacker can exploit this vulnerability to achieve command execution. \nAuthentication is required, however can be bypassed.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "shortName": "XI", "dateUpdated": "2024-01-25T23:41:27.462Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23628", "state": "PUBLISHED", "dateUpdated": "2024-08-23T19:14:40.486Z", "dateReserved": "2024-01-18T21:37:19.591Z", "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "datePublished": "2024-01-25T23:41:27.462Z", "assignerShortName": "XI"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:mr2600_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB21523A-FF81-44F5-84D4-83D690D1D021", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:mr2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "23CF30D0-9447-49F2-B33B-CA2BF24D6DD2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the \n'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote \nattacker can exploit this vulnerability to achieve command execution. \nAuthentication is required, however can be bypassed."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el par\u00e1metro 'SaveStaticRouteIPv6Params' del Motorola MR2600. Un atacante remoto puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de comandos. Se requiere autenticaci\u00f3n, pero se puede omitir."}], "id": "CVE-2024-23628", "lastModified": "2024-02-01T19:40:28.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "disclosures@exodusintel.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "disclosures@exodusintel.com", "type": "Secondary"}]}, "published": "2024-01-26T00:15:11.273", "references": [{"source": "disclosures@exodusintel.com", "tags": ["Third Party Advisory"], "url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/"}], "sourceIdentifier": "disclosures@exodusintel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "disclosures@exodusintel.com", "type": "Secondary"}]}