CVE-2022-26941

HIGH Year: 2022
CVSS v3 Score
8.8
High
Weakness Type
CWE-134
View all →

Vulnerability Description

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.

Related Vulnerabilities

CVE-2014-8170

HIGH
CVSS:8.8(High)

ovirt_safe_delete_config in ovirtfunctions.py and other unspecified locations in ovirt-node 3.0.0-474-gb852fd7 as packaged in Red Hat Enterprise Virtualization 3 do not properly quote input strings, w...

CWE-1342014

CVE-2016-10773

HIGH
CVSS:8.8(High)

cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171).

CWE-1342016

CVE-2016-5716

HIGH
CVSS:8.8(High)

The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.

CWE-1342016

CVE-2017-12702

HIGH
CVSS:8.8(High)

An Externally Controlled Format String issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. String format specifiers based on user provided input are not properly validated, wh...

CWE-1342017

CVE-2017-2403

HIGH
CVSS:8.8(High)

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Printing" component. A format-string vulnerability allows remote attackers to execute arbit...

CWE-1342017

CVE-2019-7228

HIGH
CVSS:8.8(High)

The ABB IDAL HTTP server mishandles format strings in a username or cookie during the authentication process. Attempting to authenticate with the username %25s%25p%25x%25n will crash the server. Sendi...

CWE-1342019