CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.

CWE 1 Total

Learn more

CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS 2 Total

Learn more

Score	Severity	Version	Vector String
9.0	CRITICAL	3.1	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.7	—	2.0	AV:A/AC:L/Au:S/C:C/I:C/A:C

Product Status

Learn more

Versions 1 Total

Default Status: unaffected

affected

Credits

Exodus Intelligence finder

References 1 Total

https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/
external site
third-party-advisory

Updated: 2024-08-01

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/
external site
third-party-advisoryx_transferred

Authorized Data Publishers

Learn more

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Exodus Intelligence

Description

CWE 1 Total

CVSS 2 Total

Product Status

Credits

References 1 Total

CVE Program

References 1 Total

Authorized Data Publishers

CISA-ADP