PT-2019-12238 · Motorola · Motorola M2+1

Publicado

2019-04-18

Atualizado

2020-08-24

CVE-2019-11322

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Motorola CX2 version 1.01 Motorola M2 version 1.01

Description An issue was discovered that leads to remote code execution via shell metacharacters in a JSON value. This is due to a command injection in the startRmtAssist function in hnap.

Recommendations For Motorola CX2 version 1.01, consider disabling the startRmtAssist function in hnap to prevent command injection until a patch is available. For Motorola M2 version 1.01, consider disabling the startRmtAssist function in hnap to prevent command injection until a patch is available.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2019-11322

Produtos afetados

Motorola Cx2

Motorola M2

PT-2019-12238 · Motorola · Motorola M2+1

CVE-2019-11322

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3