An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
Published April 18, 2019.
Motorola M2 Firmware
Motorola Cx2 Firmware