CVSS: 10.0EPSS: 49%CPEs: 2EXPL: 2CVE-2020-21937
https://notcve.org/view.php?id=CVE-2020-21937
21 Jul 2021 — An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands. Una vulnerabilidad de inyección de comandos en HNAP1/SetWLanApcliSettings del enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, permite a atacantes ejecutar comandos arbitrarios del sistema • https://cwe.mitre.org/data/definitions/78.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2CVE-2020-21936
https://notcve.org/view.php?id=CVE-2020-21936
21 Jul 2021 — An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication. Un problema en HNAP1/GetMultipleHNAPs del enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, permite a atacantes acceder a los componentes GetStationSettings, GetWebsiteFilterSettings y GetNetworkSettings sin autenticación • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 2CVE-2020-21935
https://notcve.org/view.php?id=CVE-2020-21935
21 Jul 2021 — A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code. Una vulnerabilidad de inyección de comandos en HNAP1/GetNetworkTomographySettings del enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, permite a atacantes ejecutar código arbitrario • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-21934
https://notcve.org/view.php?id=CVE-2020-21934
21 Jul 2021 — An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed. Se detectó un problema en el enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, donde se podía omitir la autenticación para descargar el Syslog • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-21933
https://notcve.org/view.php?id=CVE-2020-21933
21 Jul 2021 — An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package. Se detectó un problema en el enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, donde la contraseña de administrador y la clave privada podían encontrarse en el paquete log tar • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2CVE-2020-21932
https://notcve.org/view.php?id=CVE-2020-21932
21 Jul 2021 — A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid. Una vulnerabilidad en /Login.html del enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, permite a atacantes omitir el inicio de sesión y obtener un token y un uid parcialmente autorizados • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2019-12297
https://notcve.org/view.php?id=CVE-2019-12297
23 May 2019 — An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080. Fue encontrado un problema en scopd en los enrutadores Motorola CX2 1.01 y M2 1.01. Se presenta un Uso de una Cadena de Formato Controlada Externamente, accesible por medio del puerto TCP 8010 o el puerto UDP 8080. • https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter_fmtVuln.md • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2019-11322
https://notcve.org/view.php?id=CVE-2019-11322
18 Apr 2019 — An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Fue encontrado un problema en Motorola versión CX2 1.01 y versión M2 1.01. Hay una inyección de comando en la función startRmtAssist en hnap, que conduce a la ejecución de código remota por medio de metacaracteres shell en un valor JSON. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11321
https://notcve.org/view.php?id=CVE-2019-11321
18 Apr 2019 — An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices. Fue encontrado un problema en Motorola versión CX2 1.01 y versión M2 1.01. El enrutador abre el puerto TCP 8010. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2019-11320
https://notcve.org/view.php?id=CVE-2019-11320
18 Apr 2019 — In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. En Motorola versión CX2 1.01 y versión M2 1.01, los usuarios pueden acceder a la página web/priv_mgt.html del router para iniciar telnetd, como lo demuestra la dirección 192.168.51.1. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf •