
CVE-2024-45880
https://notcve.org/view.php?id=CVE-2024-45880
08 Oct 2024 — A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input filtering. This allows malicious users to inject and execute arbitrary commands. • https://github.com/N1nEmAn/wp/blob/main/m0tOrol%40-Cx2l.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2022-4001
https://notcve.org/view.php?id=CVE-2022-4001
31 Jul 2024 — An authentication bypass vulnerability could allow an attacker to access API functions without authentication. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-287: Improper Authentication •

CVE-2022-4002
https://notcve.org/view.php?id=CVE-2022-4002
31 Jul 2024 — A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-287: Improper Authentication •

CVE-2022-4003
https://notcve.org/view.php?id=CVE-2022-4003
31 Jul 2024 — A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-400: Uncontrolled Resource Consumption •

CVE-2024-38285 – Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38285
13 Jun 2024 — Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-38284 – Authentication Bypass by Capture-replay in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38284
13 Jun 2024 — Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-294: Authentication Bypass by Capture-replay •

CVE-2024-38283 – Missing Encryption of Sensitive Data in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38283
13 Jun 2024 — Sensitive customer information is stored in the device without encryption. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-311: Missing Encryption of Sensitive Data •

CVE-2024-38282 – Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38282
13 Jun 2024 — Utilizing default credentials, an attacker is able to log into the camera's operating system, which could allow changes to be made to the operations or shut down the camera, requiring a physical reboot of the system. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-522: Insufficiently Protected Credentials •

CVE-2024-38281 – Use of Hard-coded Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38281
13 Jun 2024 — An attacker can access the maintenance console using hard-coded credentials for a hidden wireless network on the device. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-798: Use of Hard-coded Credentials •

CVE-2024-38280 – Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38280
13 Jun 2024 — An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-313: Cleartext Storage in a File or on Disk •