Unauthenticated RCE Flaw in Motorola MR2600 Router Exposes Remote Attackers

Unauthenticated RCE in Motorola's MR2600 Router

14MrBruh💬 0
Unauthenticated RCE Flaw in Motorola MR2600 Router Exposes Remote Attackers

I discovered a critical unauthenticated Remote Code Execution vulnerability in the Motorola MR2600 router caused by flawed authentication checks and multipart parsing errors. This flaw allows attackers on the LAN, or remotely if management is enabled, to upload and flash malicious firmware without any credentials. Despite my attempts to report the issue, Motorola Mobility and Motorola Solutions passed the buck, leaving the end-of-life device exposed to the public internet.

"So far, for the vulnerabilities I have personally reported to AMD, ASUS, Google, Motorola, MSI, Netgear, TP-Link (and more), I have been paid a total of $0 in bug bounties."

More from this day · 2026-07-12