CVE-2022-26941

Name: CVE-2022-26941
Creator: NVD / NIST
Published: 2023-10-19T10:15:09.86+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.33%

Last modified Jun 17, 2026

CVE-2022-26941 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. EPSS estimates a 0.33% chance of exploitation in the next 30 days.

Description

A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.33%

24.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Motorola	Mtm5500 Firmware	All versions
Motorola	Mtm5400 Firmware	All versions

References

https://tetraburst.com/Technical Description
https://tetraburst.com/Technical Description

Timeline

Published: Oct 19, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-26941?

How severe is CVE-2022-26941?

CVE-2022-26941 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.33% probability of exploitation in the next 30 days.

How do I fix CVE-2022-26941?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-26941?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST