PT-2017-18967 · Motorola · Motorola Mx011Anm

Chris Grayson

Published

2017-07-31

Updated

2017-08-02

CVE-2017-9497

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Comcast firmware on Motorola MX011ANM version MX011AN 2.9p6s1 PROD sey

Description The issue allows physically proximate attackers to execute arbitrary commands as root. This can be achieved by accessing the diagnostics menu on the set-top box and then posting to a Web Inspector route.

Recommendations For Comcast firmware on Motorola MX011ANM version MX011AN 2.9p6s1 PROD sey, consider restricting physical access to the set-top box to minimize the risk of exploitation. As a temporary workaround, limit access to the diagnostics menu and Web Inspector routes until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-9497

Affected Products

Motorola Mx011Anm

PT-2017-18967 · Motorola · Motorola Mx011Anm

CVE-2017-9497

Weakness Enumeration

Related Identifiers

Affected Products

References · 3