Remote Code Execution via Command Injection in Motorola CX2 and M2 Firmware Download Function
CVE-2019-11319 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
Learn more about our Web Application Penetration Testing UK.