Filtered by vendor Motorola
Subscribe
Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38701 | 1 Motorola | 20 T008, T008 Firmware, T100 and 17 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180. | |||||
| CVE-2020-21937 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands. | |||||
| CVE-2020-21936 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to access the components GetStationSettings, GetWebsiteFilterSettings and GetNetworkSettings without authentication. | |||||
| CVE-2020-21935 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in HNAP1/GetNetworkTomographySettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary code. | |||||
| CVE-2020-21934 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where authentication to download the Syslog could be bypassed. | |||||
| CVE-2020-21933 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n where the admin password and private key could be found in the log tar package. | |||||
| CVE-2020-21932 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid. | |||||
| CVE-2020-10874 | 1 Motorola | 8 Fx9500-41324d41-us, Fx9500-41324d41-us Firmware, Fx9500-41324d41-ww and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Motorola FX9500 devices allow remote attackers to read database files. | |||||
| CVE-2019-9121 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field. | |||||
| CVE-2019-9120 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field. | |||||
| CVE-2019-9119 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field. | |||||
| CVE-2019-9118 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNTPServerSettings API function, as demonstrated by shell metacharacters in the system_time_timezone field. | |||||
| CVE-2019-9117 | 1 Motorola | 4 C1, C1 Firmware, M2 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field. | |||||
| CVE-2019-16257 | 1 Motorola | 2 Motorola, Motorola Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | |||||
| CVE-2019-15513 | 2 Motorola, Openwrt | 5 C1 Mwr03, C1 Mwr03 Firmware, Cx2l Mwr04l and 2 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang. | |||||
| CVE-2019-13129 | 1 Motorola | 2 Cx2l Mwr04l, Cx2l Mwr04l Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. | |||||
| CVE-2019-12297 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080. | |||||
| CVE-2019-11322 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | |||||
| CVE-2019-11321 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices. | |||||
| CVE-2019-11320 | 1 Motorola | 4 Cx2, Cx2 Firmware, M2 and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. | |||||