CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-45880
https://notcve.org/view.php?id=CVE-2024-45880
08 Oct 2024 — A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input filtering. This allows malicious users to inject and execute arbitrary commands. • https://github.com/N1nEmAn/wp/blob/main/m0tOrol%40-Cx2l.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25360
https://notcve.org/view.php?id=CVE-2024-25360
12 Feb 2024 — A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. Una interfaz oculta en Motorola CX2L Router firmware v1.0.1, filtra información sobre el componente SystemWizardStatus mediante el envío de una solicitud manipulada a device_web_ip. • https://github.com/leetsun/Hints/tree/main/moto-CX2L/4 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 1CVE-2023-31528
https://notcve.org/view.php?id=CVE-2023-31528
11 May 2023 — Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. • https://github.com/leetsun/IoT/tree/main/Motorola-CX2L/CI2 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 1CVE-2023-31529
https://notcve.org/view.php?id=CVE-2023-31529
11 May 2023 — Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. • https://github.com/leetsun/IoT/tree/main/Motorola-CX2L/CI1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 1CVE-2023-31530
https://notcve.org/view.php?id=CVE-2023-31530
11 May 2023 — Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. • https://github.com/leetsun/IoT/tree/main/Motorola-CX2L/CI4 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 10%CPEs: 2EXPL: 1CVE-2023-31531
https://notcve.org/view.php?id=CVE-2023-31531
11 May 2023 — Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. • https://github.com/leetsun/IoT/tree/main/Motorola-CX2L/CI3 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2019-15513
https://notcve.org/view.php?id=CVE-2019-15513
23 Aug 2019 — An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. Se detecto un problema un problema en OpenWrt libuci (también conocida como Biblioteca para la Interfaz de Configuración Unificada) en versiones anteriores a la 15.05.1 como se utiliza en los dispositivos Motorola CX2L MW... • https://git.openwrt.org/?p=project/uci.git%3Ba=commitdiff%3Bh=19e29ffc15dbd958e8e6a648ee0982c68353516f • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-13129
https://notcve.org/view.php?id=CVE-2019-13129
01 Jul 2019 — On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. En el router Motorola CX2L MWR04L versión 1.01, hay un problema de consumo de pila (recursión infinita) en scopd a través del puerto TCP 8010 y el puerto UDP 8080. Está causado por snprintf y el manejo inadecuado de longitud. • https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/morouter_stackoverflow.pdf • CWE-674: Uncontrolled Recursion •