
CVE-2024-23630: Motorola MR2600 Arbitrary Firmware Upload Vulnerability

9.0 CVSS

Description

An arbitrary firmware upload vulnerability exists in the Motorola
MR2600. An attacker can exploit this vulnerability to achieve code
execution on the device. Authentication is required, but it can be
bypassed.

Classification

CVE ID: CVE-2024-23630

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.0

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem Types

CWE-434 Unrestricted Upload of File with Dangerous Type

Affected Products

Vendor: Motorola

Product: MR2600

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.12% (probability of being exploited)

EPSS Percentile: 31.56% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-19 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23630
https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/

Timeline