Command Injection Vulnerability in Motorola CX2 Router
CVE-2020-21935

9.8CRITICAL

Key Information:

Vendor: Motorola
Status: Cx2 Firmware
Vendor: CVE Published:; 21 July 2021

What is CVE-2020-21935?

The Motorola CX2 Router is vulnerable to a command injection flaw in the HNAP1/GetNetworkTomographySettings interface, which allows attackers to execute arbitrary code on the device. This vulnerability occurs due to improper validation of user inputs, enabling malicious actors to manipulate command execution. Users are advised to apply appropriate security measures to safeguard their networks from potential exploitation.

References

https://github.com/cc-crack/router/blob/master/motocx2.md

x_refsource_MISC

https://l0n0l.xyz/post/motocx2/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2021
Vulnerability Reserved
Aug 13, 2020