First published: Thu Mar 07 2019
An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. The issue is a command injection that allows a remote attacker to execute arbitrary code and get a root shell. The command injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Motorola M2 Firmware | =1.07 | |
Motorola M2 | | |
Motorola C1 Firmware | =1.01 | |
Motorola C1 | | |
The severity of CVE-2019-9119 is critical with a score of 9.8.
Motorola C1 and M2 devices with firmware versions 1.01 and 1.07 respectively are affected by CVE-2019-9119.
CVE-2019-9119 is a command injection vulnerability that allows a remote attacker to execute arbitrary code and gain a root shell.
An attacker can exploit CVE-2019-9119 by crafting malicious commands that can be executed on the affected devices.
Make sure to update the firmware on Motorola C1 devices to version 1.01 and on M2 devices to version 1.07 to mitigate the vulnerability.
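
A detection check for the request pattern in the description, written as an added example and not taken from the vendor or the CVE record: it flags POST requests to /HNAP1 whose staticroute_list value contains shell metacharacters, decoding XML entities first. The XML layout, the route value format and the sample requests are assumptions constructed for illustration.

```python
import html
import re

# Field name, action and endpoint come from the CVE description above.
# The XML layout and the sample values below are assumptions for illustration.
FIELD_RE = re.compile(
    r"<(?:\w+:)?staticroute_list\b[^>]*>(.*?)</(?:\w+:)?staticroute_list\s*>",
    re.IGNORECASE | re.DOTALL,
)
# Characters a POSIX shell interprets: separators, substitution,
# redirection, quoting, escapes and newlines.
SHELL_META_RE = re.compile(r"[;&|`$(){}<>\\'\"\n\r]")


def suspicious_route_values(method, path, body):
    """Return decoded staticroute_list values containing shell metacharacters."""
    endpoint = path.split("?", 1)[0].rstrip("/").upper()
    if method.upper() != "POST" or endpoint != "/HNAP1":
        return []
    hits = []
    for raw in FIELD_RE.findall(body):
        # Decode XML entities first so "&#59;" cannot hide a ";".
        value = html.unescape(raw)
        if SHELL_META_RE.search(value):
            hits.append(value)
    return hits


def wrap(value):
    """Build a constructed request body around one field value."""
    return (
        "<SetStaticRouteSettings><staticroute_list>"
        + value
        + "</staticroute_list></SetStaticRouteSettings>"
    )


# Constructed sample requests (method, path, body); not captured traffic.
SAMPLES = [
    ("POST", "/HNAP1/", wrap("10.0.0.0,255.0.0.0,192.168.0.1")),
    ("POST", "/HNAP1/", wrap("10.0.0.0;echo constructed")),
    ("POST", "/HNAP1/", wrap("10.0.0.0&#59;echo constructed")),
    ("GET", "/HNAP1/", wrap("10.0.0.0;echo constructed")),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, suspicious_route_values(method, path, body))
```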