{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23630", "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "state": "PUBLISHED", "assignerShortName": "XI", "dateReserved": "2024-01-18T21:37:19.592Z", "datePublished": "2024-01-25T23:41:32.024Z", "dateUpdated": "2025-06-17T14:17:53.349Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MR2600", "vendor": "Motorola", "versions": [{"status": "affected", "version": "1.0.7"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Exodus Intelligence"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An arbitrary firmware upload vulnerability exists in the Motorola \nMR2600. An attacker can exploit this vulnerability to achieve code \nexecution on the device. Authentication is required, however can be \nbypassed."}], "value": "An arbitrary firmware upload vulnerability exists in the Motorola \nMR2600. An attacker can exploit this vulnerability to achieve code \nexecution on the device. Authentication is required, however can be \nbypassed."}], "impacts": [{"capecId": "CAPEC-23", "descriptions": [{"lang": "en", "value": "CAPEC-23 File Content Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV2_0": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "shortName": "XI", "dateUpdated": "2024-01-25T23:41:32.024Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/"}], "source": {"discovery": "INTERNAL"}, "title": "Motorola MR2600 Arbitrary Firmware Upload Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.310Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-17T14:17:42.355354Z", "id": "CVE-2024-23630", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T14:17:53.349Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/", "tags": ["third-party-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.310Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23630", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-17T14:17:42.355354Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T14:17:45.748Z"}}], "cna": {"title": "Motorola MR2600 Arbitrary Firmware Upload Vulnerability", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Exodus Intelligence"}], "impacts": [{"capecId": "CAPEC-23", "descriptions": [{"lang": "en", "value": "CAPEC-23 File Content Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV2_0": {"version": "2.0", "baseScore": 7.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Motorola", "product": "MR2600", "versions": [{"status": "affected", "version": "1.0.7"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An arbitrary firmware upload vulnerability exists in the Motorola \nMR2600. An attacker can exploit this vulnerability to achieve code \nexecution on the device. Authentication is required, however can be \nbypassed.", "supportingMedia": [{"type": "text/html", "value": "An arbitrary firmware upload vulnerability exists in the Motorola \nMR2600. An attacker can exploit this vulnerability to achieve code \nexecution on the device. Authentication is required, however can be \nbypassed.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "shortName": "XI", "dateUpdated": "2024-01-25T23:41:32.024Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23630", "state": "PUBLISHED", "dateUpdated": "2025-06-17T14:17:53.349Z", "dateReserved": "2024-01-18T21:37:19.592Z", "assignerOrgId": "902ff664-2e36-43e3-a1aa-3210c82d1b67", "datePublished": "2024-01-25T23:41:32.024Z", "assignerShortName": "XI"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:mr2600_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB21523A-FF81-44F5-84D4-83D690D1D021", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:mr2600:-:*:*:*:*:*:*:*", "matchCriteriaId": "23CF30D0-9447-49F2-B33B-CA2BF24D6DD2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An arbitrary firmware upload vulnerability exists in the Motorola \nMR2600. An attacker can exploit this vulnerability to achieve code \nexecution on the device. Authentication is required, however can be \nbypassed."}, {"lang": "es", "value": "Existe una vulnerabilidad de carga de firmware arbitraria en el Motorola MR2600. Un atacante puede aprovechar esta vulnerabilidad para lograr la ejecuci\u00f3n de c\u00f3digo en el dispositivo. Se requiere autenticaci\u00f3n, pero se puede omitir."}], "id": "CVE-2024-23630", "lastModified": "2024-11-21T08:58:02.767", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 5.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "disclosures@exodusintel.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "disclosures@exodusintel.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-26T00:15:12.187", "references": [{"source": "disclosures@exodusintel.com", "tags": ["Third Party Advisory"], "url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/"}], "sourceIdentifier": "disclosures@exodusintel.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "disclosures@exodusintel.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}