Command Injection Vulnerability in Motorola CX2L Router
CVE-2023-31529

8.8HIGH

Key Information:

Vendor: Motorola
Status: Cx2l Firmware
Vendor: CVE Published:; 11 May 2023

Summary

The Motorola CX2L Router version 1.0.1 contains a command injection flaw, which allows an unauthorized attacker to execute arbitrary commands on the device through manipulated input to the system_time_timezone parameter. This vulnerability poses a risk to the device's integrity and overall network security, potentially leading to unauthorized access and control over the router.

References

https://github.com/leetsun/IoT/tree/main/Motorola-CX2L/CI1

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2023
Vulnerability Reserved
Apr 29, 2023