PT-2019-12235 · Motorola · Motorola M2+1
Publicado
2019-04-18
·
Atualizado
2020-08-24
·
CVE-2019-11319
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Motorola CX2 version 1.01
Motorola M2 version 1.01
Description
A command injection issue in the
downloadFirmware function within the hnap module allows for remote code execution. This is achieved by using shell metacharacters in a JSON value.Recommendations
For Motorola CX2 version 1.01, consider disabling the
downloadFirmware function in hnap until a patch is available.
For Motorola M2 version 1.01, restrict access to the hnap module to minimize the risk of exploitation.Exploit
Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Motorola Cx2
Motorola M2