What is CVE-2022-26941?

CVE-2022-26941 is a critical-severity vulnerability in Motorola Mobile Radio, classified under Use of Externally-Controlled Format String. CVSS score: 9.6/10. Published 2023-10-19.

How severe is CVE-2022-26941?

Critical severity. CVSS v3 base score is 9.6 out of 10.

Vulnerability in Motorola Mobile Radio

CVE-2022-26941

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be levera…

EPSS: 0.001 (32.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.6 (Critical). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:X/IR:X/AR:X/MAV:A/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H.

Affected products

Motorola Mobile Radio — versions MTM5000

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

References

TETRA:BURST (related)

Frequently asked questions

What is CVE-2022-26941?: CVE-2022-26941 is a critical-severity vulnerability in Motorola Mobile Radio, classified under Use of Externally-Controlled Format String. CVSS score: 9.6/10. Published 2023-10-19.
How severe is CVE-2022-26941?: Critical severity. CVSS v3 base score is 9.6 out of 10.