99 results (0.007 seconds)

CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0

An authentication bypass vulnerability could allow an attacker to access API functions without authentication. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-287: Improper Authentication •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-287: Improper Authentication •

CVSS: 2.7EPSS: 0%CPEs: 1EXPL: 0

A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. Los registros que almacenan credenciales no están suficientemente protegidos y pueden decodificarse mediante el uso de herramientas de código abierto. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-522: Insufficiently Protected Credentials •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. Los datos transmitidos se registran entre el dispositivo y el servicio backend. Un atacante podría utilizar estos registros para realizar un ataque de repetición para replicar llamadas. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-294: Authentication Bypass by Capture-replay •