An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
CPE | Name | Operator | Version |
---|---|---|---|
cx2_firmware | eq | 1.01 | |
m2_firmware | eq | 1.01 |