CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11321
https://notcve.org/view.php?id=CVE-2019-11321
An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices. Fue encontrado un problema en Motorola versión CX2 1.01 y versión M2 1.01. El enrutador abre el puerto TCP 8010. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11320
https://notcve.org/view.php?id=CVE-2019-11320
In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. En Motorola versión CX2 1.01 y versión M2 1.01, los usuarios pueden acceder a la página web/priv_mgt.html del router para iniciar telnetd, como lo demuestra la dirección 192.168.51.1. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11319
https://notcve.org/view.php?id=CVE-2019-11319
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Fue encontrado un problema en Motorola versión CX2 1.01 y versión M2 1.01. Existe una inyección de comandos en la función downloadFirmware en hnap, que conlleva a la ejecución de código remota por medio de metacaracteres shell en un valor JSON. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-9121
https://notcve.org/view.php?id=CVE-2019-9121
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field. Se ha descubierto un problema con los dispositivos C1 y M2 de Motorola con versiones de firmware 1.01 y 1.07. • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 1CVE-2019-9119
https://notcve.org/view.php?id=CVE-2019-9119
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field. Se ha descubierto un problema con los dispositivos C1 y M2 de Motorola con versiones de firmware 1.01 y 1.07. • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •