CVE-2024-45880

EUVD-2024-41643
A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input filtering. This allows malicious users to inject and execute arbitrary commands.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
motorolacx2l_firmware
𝑥
≤ 1.0.2
ADP
Common Weakness Enumeration
References
https://github.com/N1nEmAn/wp/blob/main/m0tOrol%40-Cx2l.pdf