Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.
References
Link | Resource |
---|---|
https://tetraburst.com/ | Not Applicable |
https://tetraburst.com/ | Not Applicable |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 07:46
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | () https://tetraburst.com/ - Not Applicable |
31 Aug 2023, 00:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Motorola
Motorola mbts Site Controller Motorola mbts Site Controller Firmware |
|
CWE | CWE-347 | |
CPE | cpe:2.3:o:motorola:mbts_site_controller_firmware:r05.32.58:*:*:*:*:*:*:* cpe:2.3:h:motorola:mbts_site_controller:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://tetraburst.com/ - Not Applicable |
29 Aug 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-29 09:15
Updated : 2024-11-21 07:46
NVD link : CVE-2023-23772
Mitre link : CVE-2023-23772
CVE.ORG link : CVE-2023-23772
JSON object : View
Products Affected
motorola
- mbts_site_controller
- mbts_site_controller_firmware
CWE
CWE-347
Improper Verification of Cryptographic Signature