Remote Code Execution via Command Injection in Motorola CX2 and M2 Firmware Download Function

Remote Code Execution via Command Injection in Motorola CX2 and M2 Firmware Download Function

CVE-2019-11319 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.

Learn more about our Web Application Penetration Testing UK.