CVE-2024-45880

{"id": "CVE-2024-45880", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}]}, "published": "2024-10-08T15:15:15.217", "references": [{"url": "https://github.com/N1nEmAn/wp/blob/main/m0tOrol%40-Cx2l.pdf", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input filtering. This allows malicious users to inject and execute arbitrary commands."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el enrutador Motorola CX2L v1.0.2 y versiones anteriores. La vulnerabilidad est\u00e1 presente en la funci\u00f3n SetStationSettings. El sistema invoca directamente la funci\u00f3n del sistema para ejecutar comandos para configurar par\u00e1metros como la direcci\u00f3n MAC sin el filtrado de entrada adecuado. Esto permite que los usuarios malintencionados inyecten y ejecuten comandos arbitrarios."}], "lastModified": "2024-10-10T12:56:30.817", "sourceIdentifier": "cve@mitre.org"}