CVE-2017-9498
Summary
| CVE | CVE-2017-9498 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-07-31 03:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving digital signatures for the firmware. |
Risk And Classification
Problem Types: CWE-354
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Comcast | Xfinity Xr11-20 | - | All | All | All |
| Hardware | Comcast | Xfinity Xr11-20 | - | All | All | All |
| Operating System | Comcast | Xfinity Xr11-20 Firmware | - | All | All | All |
| Operating System | Comcast | Xfinity Xr11-20 Firmware | - | All | All | All |
| Hardware | Motorola | Mx011anm | - | All | All | All |
| Hardware | Motorola | Mx011anm | - | All | All | All |
| Operating System | Motorola | Mx011anm Firmware | mx011an_2.9p6s1_prod_sey | All | All | All |
| Operating System | Motorola | Mx011anm Firmware | mx011an_2.9p6s1_prod_sey | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CableTap/bastille-42.remote-OTA.txt at master · BastilleResearch/CableTap · GitHub | MISC | github.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.