Backdoor Vulnerability in Motorola MBTS Site Controller
CVE-2023-23770

9.4CRITICAL

Key Information:

Vendor: Motorola
Status: Mbts Site Controller
Vendor: CVE Published:; 29 August 2023

What is CVE-2023-23770?

The Motorola MBTS Site Controller features a significant vulnerability where it accepts a hard-coded backdoor password, which service technicians use to diagnose and configure the device. This hard-coded password poses a serious security risk, as it cannot be changed or disabled, potentially allowing unauthorized access to critical system functions.

Affected Version(s)

MBTS Site Controller R05.32.58

References

https://tetraburst.com/

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2023
Vulnerability Reserved
Jan 17, 2023

Credit

Midnight Blue