PT-2017-18968 · Motorola+1 · Motorola Mx011Anm+1
Chris Grayson
+2
·
Published
2017-07-31
·
Updated
2019-10-03
·
CVE-2017-9498
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Comcast firmware on Motorola MX011ANM version MX011AN 2.9p6s1 PROD sey
Comcast firmware on Xfinity XR11-20 Voice Remote devices (affected versions not specified)
Description
The issue allows local users to upload arbitrary firmware images to an XR11 device by leveraging root access, due to the lack of a protection mechanism involving digital signatures for the firmware.
Recommendations
For Comcast firmware on Motorola MX011ANM version MX011AN 2.9p6s1 PROD sey, consider restricting root access to prevent arbitrary firmware uploads until a patch is available.
For Comcast firmware on Xfinity XR11-20 Voice Remote devices, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Motorola Mx011Anm
Xfinity Xr11-20 Voice Remote