CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2019-15513
https://notcve.org/view.php?id=CVE-2019-15513
23 Aug 2019 — An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. Se detecto un problema un problema en OpenWrt libuci (también conocida como Biblioteca para la Interfaz de Configuración Unificada) en versiones anteriores a la 15.05.1 como se utiliza en los dispositivos Motorola CX2L MW... • https://git.openwrt.org/?p=project/uci.git%3Ba=commitdiff%3Bh=19e29ffc15dbd958e8e6a648ee0982c68353516f • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-13129
https://notcve.org/view.php?id=CVE-2019-13129
01 Jul 2019 — On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. En el router Motorola CX2L MWR04L versión 1.01, hay un problema de consumo de pila (recursión infinita) en scopd a través del puerto TCP 8010 y el puerto UDP 8080. Está causado por snprintf y el manejo inadecuado de longitud. • https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/morouter_stackoverflow.pdf • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-12297
https://notcve.org/view.php?id=CVE-2019-12297
23 May 2019 — An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080. Fue encontrado un problema en scopd en los enrutadores Motorola CX2 1.01 y M2 1.01. Se presenta un Uso de una Cadena de Formato Controlada Externamente, accesible por medio del puerto TCP 8010 o el puerto UDP 8080. • https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter_fmtVuln.md • CWE-134: Use of Externally-Controlled Format String •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 1CVE-2019-11322
https://notcve.org/view.php?id=CVE-2019-11322
18 Apr 2019 — An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Fue encontrado un problema en Motorola versión CX2 1.01 y versión M2 1.01. Hay una inyección de comando en la función startRmtAssist en hnap, que conduce a la ejecución de código remota por medio de metacaracteres shell en un valor JSON. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11321
https://notcve.org/view.php?id=CVE-2019-11321
18 Apr 2019 — An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices. Fue encontrado un problema en Motorola versión CX2 1.01 y versión M2 1.01. El enrutador abre el puerto TCP 8010. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2019-11320
https://notcve.org/view.php?id=CVE-2019-11320
18 Apr 2019 — In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. En Motorola versión CX2 1.01 y versión M2 1.01, los usuarios pueden acceder a la página web/priv_mgt.html del router para iniciar telnetd, como lo demuestra la dirección 192.168.51.1. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 1CVE-2019-11319
https://notcve.org/view.php?id=CVE-2019-11319
18 Apr 2019 — An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Fue encontrado un problema en Motorola versión CX2 1.01 y versión M2 1.01. Existe una inyección de comandos en la función downloadFirmware en hnap, que conlleva a la ejecución de código remota por medio de metacaracteres shell en un valor JSON. • https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 4EXPL: 1CVE-2019-9117
https://notcve.org/view.php?id=CVE-2019-9117
07 Mar 2019 — An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated... • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 4EXPL: 1CVE-2019-9118
https://notcve.org/view.php?id=CVE-2019-9118
07 Mar 2019 — An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNTPServerSettings API function, as demonstrated by shel... • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNTPServerSettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 9%CPEs: 4EXPL: 1CVE-2019-9119
https://notcve.org/view.php?id=CVE-2019-9119
07 Mar 2019 — An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by sh... • https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •