CVE-2021-32089

SUMMARY

The following vulnerability was found in the Motorola/Zebra FX9500 RFID Reader.

The Motorola/Zebra FX9500 RFID Reader suffers from inadequate access controls and unauthenticated arbitrary file upload. An unauthenticated remote attacker can abuse these vulnerabilities to achieve remote code execution.

IMPACT

Access Vector:   REMOTE
Access Complexity: LOW
Authentication:   NOT REQUIRED TO EXPLOIT
Impact Type: CODE EXECUTION
Privilege Level:   WEB SERVER USER

AFFECTED PRODUCTS

Motorola/Zebra FX9500 Fixed RFID Reader

SOFTWARE FIXES

Product Discontinuation Date: October 31, 2017

Service & Support Discontinuation Date: June 30, 2018

This product has reached its end-of-life and will not be updated nor will it receive a patch.

TIMELINE

12.30.2021

Vulnerability discovered

2.12.2021

Vendor (Motorola) informed of vulnerability

4.1.2021

Vendor (Zebra) informed of vulnerability

5.06.2021

CVE Issued

5.10.2021

Vendor gives consent for disclosure

REFERENCES

https://www.zebra.com/us/en/support-downloads/rfid/rfid-readers/fx9500.html