Unauthenticated RCE in Motorola's MR2600 Router - AllTheNews.today

Unauthenticated RCE in Motorola's MR2600 Router

# Summary A researcher discovered an unauthenticated remote code execution vulnerability in Motorola's MR2600 Wi-Fi 5 router that allows attackers to upload and flash malicious firmware. The vulnerability stems from two critical flaws: the firmware upload endpoint improperly validates SEAMA image headers by checking raw multipart data instead of extracted form fields, and the authentication check occurs after the file is already written to the router's storage rather than before. An attacker can bypass these protections by sending raw firmware data without multipart boundaries and then triggering the flash routine without authentication.
Read Full Article →
mrbruh.com
← Back to Latest