Shodan
Vulnerabilities
Vulnerable Software
Motorola:  Security Vulnerabilities
CVE-2022-4002
A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
CVSS Score
7.2
EPSS Score
0.004
Published
2024-07-31
CVE-2022-4003
A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.
CVSS Score
2.7
EPSS Score
0.001
Published
2024-07-31
CVE-2024-38279
The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
CVSS Score
4.6
EPSS Score
0.0
Published
2024-06-13
CVE-2024-38280
An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.
CVSS Score
4.6
EPSS Score
0.001
Published
2024-06-13
CVE-2024-38281
An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-06-13
CVE-2024-25360
A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-02-12
CVE-2024-23630
An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed.
CVSS Score
9.0
EPSS Score
0.001
Published
2024-01-26
CVE-2024-23627
A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.
CVSS Score
9.0
EPSS Score
0.012
Published
2024-01-26
CVE-2024-23628
A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.
CVSS Score
9.0
EPSS Score
0.001
Published
2024-01-26
CVE-2024-23629
An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.
CVSS Score
9.6
EPSS Score
0.001
Published
2024-01-26


Products
Pricing
Contact Us

Shodan ® - All rights reserved