Unauthenticated RCE in Motorola's MR2600 Router
5 hours ago
- #Firmware Exploit
- #Router Security
- #Vulnerability Disclosure
- The article details the discovery of an unauthenticated Remote Code Execution (RCE) vulnerability in Motorola's MR2600 router.
- The vulnerability involves two steps: first, uploading a malicious firmware via a flawed multipart form handler, and second, triggering firmware flashing through an authentication bypass in SOAP handlers.
- The exploit can be executed by any attacker on the LAN without authentication, and may be remotely exploitable if remote management is enabled on the router.
- Motorola declined responsibility for the end-of-life MR2600 router, leading to public disclosure of the vulnerability.
- The author received no bug bounties for reporting vulnerabilities to various vendors, including Motorola.