Remote Code Execution Vulnerability in Motorola and Xfinity Devices
CVE-2017-9498

5.5 MEDIUM

Key Information:

Vendor: Motorola
CVE Published: 31 July 2017

What is CVE-2017-9498?

Local users with root access on Comcast firmware-enabled devices, specifically the Motorola MX011ANM and Xfinity XR11-20 Voice Remote, can upload arbitrary firmware images. This is possible because the firmware is not protected by digital signatures. Consequently, an unauthorized user could compromise device functionality and security by uploading malicious firmware, leading to unauthorized control and data access.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
