RSS   Vulnerabilities for 'C1 firmware'   RSS

2019-03-07
 
CVE-2019-9121

CWE-77
 
 
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field.

 
 
CVE-2019-9120

CWE-78
 
 
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field.

 
 
CVE-2019-9119

CWE-78
 
 
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field.

 
 
CVE-2019-9118

CWE-78
 
 
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNTPServerSettings API function, as demonstrated by shell metacharacters in the system_time_timezone field.

 
 
CVE-2019-9117

CWE-78
 
 
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field.

 

 >>> Vendor: Motorola 32 Products
Motorola cablerouter
Surfboard
Wr850g
Motorola cable modem
E398
Pebl u6
V600
Motorazr
Timbuktu
Netoctopus
RAZR
Cpei300
Timbuktu pro
Surfboard sbv6120e
Atrix hd
Razr hd
Razr m
Android
Defy xt
Motorola scanner sdk
Moscad ip gateway firmware
Mx011anm firmware
Mbp853 firmware
Sbg901 firmware
Sbg941 firmware
Svg1202 firmware
C1 firmware
M2 firmware
Cx2 firmware
Cx2l mwr04l firmware
C1 mwr03 firmware
Motorola firmware

Copyright 2024, cxsecurity.com

 

Back to Top