PT-2019-12238 · Motorola · Motorola M2+1

Published

2019-04-18

Updated

2020-08-24

CVE-2019-11322

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Motorola CX2 version 1.01 Motorola M2 version 1.01

Description An issue was discovered that leads to remote code execution via shell metacharacters in a JSON value. This is due to a command injection in the startRmtAssist function in hnap.

Recommendations For Motorola CX2 version 1.01, consider disabling the startRmtAssist function in hnap to prevent command injection until a patch is available. For Motorola M2 version 1.01, consider disabling the startRmtAssist function in hnap to prevent command injection until a patch is available.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2019-11322

Affected Products

Motorola Cx2

Motorola M2

PT-2019-12238 · Motorola · Motorola M2+1

CVE-2019-11322

Weakness Enumeration

Related Identifiers

Affected Products

References · 3