CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-45880
https://notcve.org/view.php?id=CVE-2024-45880
08 Oct 2024 — A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input filtering. This allows malicious users to inject and execute arbitrary commands. • https://github.com/N1nEmAn/wp/blob/main/m0tOrol%40-Cx2l.pdf • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4001
https://notcve.org/view.php?id=CVE-2022-4001
31 Jul 2024 — An authentication bypass vulnerability could allow an attacker to access API functions without authentication. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4002
https://notcve.org/view.php?id=CVE-2022-4002
31 Jul 2024 — A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-287: Improper Authentication •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4003
https://notcve.org/view.php?id=CVE-2022-4003
31 Jul 2024 — A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request. • https://en-us.support.motorola.com/app/answers/detail/a_id/176952/~/motorola-q14-mesh-router-vulnerabilities • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41830
https://notcve.org/view.php?id=CVE-2023-41830
03 May 2024 — An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization. Se informó una vulnerabilidad de path traversal absoluta incorrecta para la aplicación Ready For, que permite que una aplicación local acceda a archivos sin autorización. • https://en-us.support.motorola.com/app/answers/detail/a_id/178702 • CWE-36: Absolute Path Traversal •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41828
https://notcve.org/view.php?id=CVE-2023-41828
03 May 2024 — An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider. Se informó una vulnerabilidad de exportación de intención implícita en la aplicación Motorola Phone, que podría permitir el acceso no autorizado a un proveedor de contenido no exportado. • https://en-us.support.motorola.com/app/answers/detail/a_id/178701 • CWE-927: Use of Implicit Intent for Sensitive Communication •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41823
https://notcve.org/view.php?id=CVE-2023-41823
03 May 2024 — An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. Se informó una vulnerabilidad de exportación inadecuada en la aplicación Motorola Phone Extension, que podría permitir que un atacante local ejecute actividades no autorizadas. • https://en-us.support.motorola.com/app/answers/detail/a_id/178705 • CWE-926: Improper Export of Android Application Components •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25360
https://notcve.org/view.php?id=CVE-2024-25360
12 Feb 2024 — A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. Una interfaz oculta en Motorola CX2L Router firmware v1.0.1, filtra información sobre el componente SystemWizardStatus mediante el envío de una solicitud manipulada a device_web_ip. • https://github.com/leetsun/Hints/tree/main/moto-CX2L/4 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23630 – Motorola MR2600 Arbitrary Firmware Upload Vulnerability
https://notcve.org/view.php?id=CVE-2024-23630
25 Jan 2024 — An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed. Existe una vulnerabilidad de carga de firmware arbitraria en el Motorola MR2600. Un atacante puede aprovechar esta vulnerabilidad para lograr la ejecución de código en el dispositivo. • https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23629 – Motorola MR2600 Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-23629
25 Jan 2024 — An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. Existe una vulnerabilidad de omisión de autenticación en el componente web del Motorola MR2600. Un atacante puede aprovechar esta vulnerabilidad para acceder a URL protegidas y recuperar información confidencial. • https://blog.exodusintel.com/2024/01/25/motorola-mr2600-authentication-bypass-vulnerability • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •