Command Injection Vulnerability in API Could Allow Root Access
CVE-2022-4002

7.2HIGH

Key Information:

Vendor: Motorola
Status: Q14 Mesh Router Firmware
Vendor: CVE Published:; 31 July 2024

What is CVE-2022-4002?

A command injection vulnerability in Motorola Q14 Mesh Routers allows authenticated users to execute arbitrary operating system commands as root. This vulnerability can be exploited through specially crafted API requests, potentially leading to a breach of system integrity and unauthorized access to sensitive data. Users of affected products are advised to implement security best practices and monitor for updates from the vendor.

Affected Version(s)

Q14 Mesh Router Firmware 0 < 1.5.0.16

References

https://en-us.support.motorola.com/app/answers/detail/a_i...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2024
Vulnerability Reserved
Nov 15, 2022