CVE-2021-3460

8.1 HIGH

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the supp...

Published: 2021-04-13 · Last updated: 2026-06-17

Severity and scoring

CVSS: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-295

Affected products

Vendor	Product
motorola	mh702x_firmware

Description

The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3460
[Vendor advisory]https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249
[Vendor advisory]https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249

Related CVEs

Same vendor

CVE-2021-3459 — A privilege escalation vulnerability was reported in the MM1000 device configuration web server, which could allow privileged shell acces... (6.8 MEDIUM)
CVE-2021-3458 — The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified (6.1 MEDIUM)

Same CWE

CVE-2025-71261 — An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere... (8.6 HIGH)
CVE-2026-9259 — Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.5 MEDIUM)
CVE-2026-9258 — Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier (6.5 MEDIUM)
CVE-2026-45388 — In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows imp... (9.1 CRITICAL)
CVE-2026-45170 — Idira Privilege Cloud Connector versions prior 1.1.100504 under specific conditions and configuration scenarios, TLS certificate validati...