Описание
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:motorola:cx2_firmware:1.01:*:*:*:*:*:*:*
cpe:2.3:h:motorola:cx2:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:motorola:m2_firmware:1.01:*:*:*:*:*:*:*
cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*
EPSS
Процентиль: 89%
0.04516
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
EPSS
Процентиль: 89%
0.04516
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78