CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3458
https://notcve.org/view.php?id=CVE-2021-3458
17 Aug 2021 — The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified. Puede accederse al portal de configuración del dispositivo Motorola MM1000 sin autenticación, que podría permitir una modificación de la configuración del adaptador. • https://motorolamentor.zendesk.com/hc/en-us/articles/1260804047750 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 8%CPEs: 2EXPL: 2CVE-2020-21937
https://notcve.org/view.php?id=CVE-2020-21937
21 Jul 2021 — An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands. Una vulnerabilidad de inyección de comandos en HNAP1/SetWLanApcliSettings del enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, permite a atacantes ejecutar comandos arbitrarios del sistema • https://cwe.mitre.org/data/definitions/78.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2CVE-2020-21936
https://notcve.org/view.php?id=CVE-2020-21936
21 Jul 2021 — An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication. Un problema en HNAP1/GetMultipleHNAPs del enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, permite a atacantes acceder a los componentes GetStationSettings, GetWebsiteFilterSettings y GetNetworkSettings sin autenticación • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 2CVE-2020-21935
https://notcve.org/view.php?id=CVE-2020-21935
21 Jul 2021 — A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code. Una vulnerabilidad de inyección de comandos en HNAP1/GetNetworkTomographySettings del enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, permite a atacantes ejecutar código arbitrario • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-21934
https://notcve.org/view.php?id=CVE-2020-21934
21 Jul 2021 — An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed. Se detectó un problema en el enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, donde se podía omitir la autenticación para descargar el Syslog • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-21933
https://notcve.org/view.php?id=CVE-2020-21933
21 Jul 2021 — An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package. Se detectó un problema en el enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, donde la contraseña de administrador y la clave privada podían encontrarse en el paquete log tar • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2CVE-2020-21932
https://notcve.org/view.php?id=CVE-2020-21932
21 Jul 2021 — A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid. Una vulnerabilidad en /Login.html del enrutador CX Motorola CX2 versión 1.0.2 Build 20190508 Rel.97360n, permite a atacantes omitir el inicio de sesión y obtener un token y un uid parcialmente autorizados • https://github.com/cc-crack/router/blob/master/motocx2.md • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-3460
https://notcve.org/view.php?id=CVE-2021-3460
13 Apr 2021 — The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker. Los dispositivos Motorola MH702x, anteriores a versión 2.0.0.301, no verifican apropiadamente el certificado del servidor durante la comunicación con el servidor de soporte, lo que podría conllevar que un canal de comunicación sea accedido por un atacante • https://motorolamentor.zendesk.com/hc/en-us/articles/1260804087249 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2020-10874
https://notcve.org/view.php?id=CVE-2020-10874
23 Mar 2020 — Motorola FX9500 devices allow remote attackers to read database files. Los dispositivos Motorola FX9500, permiten a atacantes remotos leer archivos de la bases de datos. • https://www.youtube.com/watch?v=Lv-STOyQCVY • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-16257
https://notcve.org/view.php?id=CVE-2019-16257
12 Sep 2019 — Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. Algunos dispositivos Motorola incluyen el SIMalliance Toolbox Browser (también se conoce como S@T Browser) en el UICC, lo que podría permitir a atacantes remotos recuperar información de ubicación e IMEI, o recuperar otr... • https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile •