Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.
References
Link | Resource |
---|---|
https://tetraburst.com/ | Not Applicable |
Configurations
Configuration 1 (hide)
AND |
|
History
31 Aug 2023, 00:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://tetraburst.com/ - Not Applicable | |
First Time |
Motorola
Motorola mbts Site Controller Motorola mbts Site Controller Firmware |
|
CWE | CWE-347 | |
CPE | cpe:2.3:o:motorola:mbts_site_controller_firmware:r05.32.58:*:*:*:*:*:*:* cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
29 Aug 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-29 09:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-23772
Mitre link : CVE-2023-23772
CVE.ORG link : CVE-2023-23772
JSON object : View
Products Affected
motorola
- mbts_site_controller_firmware
- mbts_site_controller
CWE
CWE-347
Improper Verification of Cryptographic Signature