CVE-2019-11319: OS Command Injection
First published: Thu Apr 18 2019(Updated: )
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Motorola Cx2 Firmware | =1.01 | |
| Motorola CX2 | ||
| Motorola M2 Firmware | =1.01 | |
| Motorola M2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-11319?
CVE-2019-11319 is a command injection vulnerability in Motorola CX2 1.01 and M2 1.01, which allows remote code execution.
What software versions are affected by CVE-2019-11319?
Motorola CX2 Firmware version 1.01 and Motorola M2 Firmware version 1.01 are affected.
How severe is CVE-2019-11319?
CVE-2019-11319 is classified as critical with a severity value of 9.8.
How can CVE-2019-11319 be exploited?
CVE-2019-11319 can be exploited by injecting malicious commands into the downloadFirmware function in hnap, leading to remote code execution.
Is there a fix for CVE-2019-11319?
At the moment, there is no known fix for CVE-2019-11319. It is recommended to update to a non-vulnerable firmware version or apply any patches provided by the vendor.
- collector/nvd-index
- agent/severity
- agent/author
- agent/event
- vendor/motorola
- canonical/motorola cx2 firmware
- version/motorola cx2 firmware/1.01
- canonical/motorola cx2
- canonical/motorola m2 firmware
- version/motorola m2 firmware/1.01
- canonical/motorola m2