Lucene search
K

147 matches found

Positive Technologies
Positive Technologies
added 2024/04/16 12:0 a.m.11 views

PT-2024-24732

Name of the Vulnerable Software and Affected Versions ATCMD affected versions not specified Description The issue arises from a misinterpretation of a value in ATCMD by the printf function, leading to incorrect output and potential out-of-bounds memory access. Recommendations At the moment, there...

6.6CVSS6.4AI score0.00226EPSS
Exploits0References3
NVD
NVD
added 2023/10/19 10:15 a.m.27 views

CVE-2022-26941

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the tedsapp...

9.6CVSS9.6AI score0.00327EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/10/19 10:15 a.m.3 views

CVE-2022-26941

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the tedsapp...

9.6CVSS6.4AI score0.00327EPSS
Exploits0References2
Prion
Prion
added 2023/10/19 10:15 a.m.22 views

Format string

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the tedsapp...

5.8CVSS8.8AI score0.00327EPSS
Exploits0References1
CVE
CVE
added 2023/10/19 9:35 a.m.151 views

CVE-2022-26941

CVE-2022-26941 affects Motorola MTM5000 series firmware; the AT+CTGL command handler contains a format-string vulnerability where an attacker-controlled string can be misinterpreted, enabling a write-anything-anywhere condition and arbitrary code execution inside the teds_app binary that runs wit...

9.6CVSS9.3AI score0.00327EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/19 9:35 a.m.199 views

CVE-2022-26941 Format string vulnerability in AT+CTGL command in Motorola MTM5000

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the tedsapp...

9.6CVSS7.8AI score0.00327EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/10/19 12:0 a.m.4 views

Motorola MTM5000 Formatting String Error Vulnerability

The Motorola MTM5000 is a mobile radio from Motorola, USA. A security vulnerability exists in the Motorola MTM5000 that stems from a format string vulnerability in the AT+CTGL command in the command handler, which results in a write-anywhere scenario that can be exploited to obtain arbitrary code...

9.6CVSS7.9AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2023/08/04 6:15 p.m.22 views

CVE-2023-33378

Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices...

9.8CVSS9.9AI score0.00819EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/04 6:15 p.m.4 views

CVE-2023-33378

Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices...

9.8CVSS6.1AI score0.00819EPSS
Exploits0References3
Prion
Prion
added 2023/08/04 6:15 p.m.17 views

Design/Logic Flaw

Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices...

7.5CVSS9.8AI score0.00819EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/04 12:0 a.m.9 views

CVE-2023-33378

Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices...

8.2AI score0.00819EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/04 12:0 a.m.5 views

Connected IO Parameter Injection Vulnerability

Connected IO is a leading hardware, software and cloud-based IoT and machine-to-machine solution from US-based Connected IO, Inc. A security vulnerability exists in Connected IO ER2000 v2.1.0 and earlier versions, which stems from a parameter injection vulnerability in the AT command in the...

9.8CVSS8AI score0.00819EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/07/05 12:0 a.m.5 views

HUAWEI HarmonyOS 缓冲区错误漏洞

HUAWEI HarmonyOS is an operating system from China's Huawei HUAWEI. It provides a microkernel-based distributed operating system. A security vulnerability exists in HUAWEI HarmonyOS 2.0, which stems from an out-of-bounds read vulnerability in the USB port AT command, which could be exploited by a...

7.5CVSS5.7AI score0.00588EPSS
Exploits0References5
Prion
Prion
added 2022/03/10 5:45 p.m.22 views

Command injection

In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083...

4.6CVSS7.9AI score0.00209EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/03/09 5:2 p.m.28 views

CVE-2022-20054

In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083...

8.2AI score0.00209EPSS
Exploits0References1
CVE
CVE
added 2022/03/09 5:2 p.m.96 views

CVE-2022-20054

The CVE-2022-20054 issue affects the ims service, with a missing permission check enabling a possible AT command injection that could allow local escalation of privilege without additional execution privileges or user interaction. Affected context is MediaTek-based platforms (as per multiple sour...

7.8CVSS7.9AI score0.00209EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/01/21 7:15 p.m.5 views

CVE-2022-23728

Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011...

6.1CVSS6.4AI score0.00104EPSS
Exploits0References1
NVD
NVD
added 2022/01/21 7:15 p.m.22 views

CVE-2022-23728

Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011...

6.6CVSS0.00104EPSS
Exploits0References1
Prion
Prion
added 2022/01/21 7:15 p.m.23 views

Command injection

Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011...

6.6CVSS6.4AI score0.00104EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/21 6:17 p.m.23 views

CVE-2022-23728

Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011...

6.6AI score0.00104EPSS
Exploits0References1
Rows per page
Query Builder