CVE-2024-45880

Name of the Vulnerable Software and Affected Versions Motorola CX2L router versions 1.0.2 and below

Description A command injection issue exists, allowing malicious users to inject and execute arbitrary commands. This is due to the system directly invoking the system function to execute commands for setting parameters, such as the MAC address, without proper input filtering. The vulnerability is present in the SetStationSettings function.

Recommendations For versions 1.0.2 and below, consider disabling the SetStationSettings function until a patch is available to prevent command injection attacks. Restrict access to the system function to minimize the risk of exploitation. Avoid using the function to set parameters such as the MAC address until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.