CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4001
https://notcve.org/view.php?id=CVE-2022-4001
An authentication bypass vulnerability could allow an attacker to access API functions without authentication. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4002
https://notcve.org/view.php?id=CVE-2022-4002
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4003
https://notcve.org/view.php?id=CVE-2022-4003
A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38285 – Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38285
Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. Los registros que almacenan credenciales no están suficientemente protegidos y pueden decodificarse mediante el uso de herramientas de código abierto. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38284 – Authentication Bypass by Capture-replay in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38284
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. Los datos transmitidos se registran entre el dispositivo y el servicio backend. Un atacante podría utilizar estos registros para realizar un ataque de repetición para replicar llamadas. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-294: Authentication Bypass by Capture-replay •