Command Injection Vulnerability in Motorola CX2L Router by Motorola
CVE-2023-31530

8.8HIGH

Key Information:

Vendor: Motorola
Status: Cx2l Firmware
Vendor: CVE Published:; 11 May 2023

What is CVE-2023-31530?

The Motorola CX2L Router version 1.0.1 is susceptible to a command injection vulnerability due to improper handling of the 'smartqos_priority_devices' parameter. This flaw allows attackers to execute arbitrary commands on the device, potentially compromising network integrity and exposing sensitive information. Users are advised to evaluate their network configurations and apply necessary mitigations to enhance their security posture.

References

https://github.com/leetsun/IoT/tree/main/Motorola-CX2L/CI4

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2023
Vulnerability Reserved
Apr 29, 2023