Security Flaw in Motorola CX2 Router Exposing Sensitive Credentials
CVE-2020-21933

7.5HIGH

Key Information:

Vendor: Motorola
Status: Cx2 Firmware
Vendor: CVE Published:; 21 July 2021

What is CVE-2020-21933?

A vulnerability exists in the Motorola CX2 Router version 1.0.2 Build 20190508 Rel.97360n, where sensitive information such as the admin password and private key is unintentionally stored within the log tar package. This can potentially allow unauthorized access to the router's administrative functions, posing a significant security risk to users. Users should review their device configurations and logs to ensure that sensitive credentials are not exposed and take appropriate actions to secure their devices.

References

https://github.com/cc-crack/router/blob/master/motocx2.md

x_refsource_MISC

https://l0n0l.xyz/post/motocx2/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Aug 13, 2020