GCVE - cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Motorola (`7a59928e-a07c-5317-adab-c9b7f35b7f98`)
Product	M2 (`6994df46-f7b2-5802-a7a4-68a087c2ad87`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-9121`	not_vulnerable	2026-06-03 14:40:48.744373	Details available An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field. Published: 2019-03-07T22:00:00.000Z Updated: 2024-08-04T21:38:46.394Z Open on db.gcve.eu Reference links https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9120`	not_vulnerable	2026-06-03 14:40:48.743997	Details available An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field. Published: 2019-03-07T22:00:00.000Z Updated: 2024-08-04T21:38:46.579Z Open on db.gcve.eu Reference links https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9119`	not_vulnerable	2026-06-03 14:40:48.743509	Details available An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field. Published: 2019-03-07T22:00:00.000Z Updated: 2024-08-04T21:38:46.547Z Open on db.gcve.eu Reference links https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9118`	not_vulnerable	2026-06-03 14:40:48.743107	Details available An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNTPServerSettings API function, as demonstrated by shell metacharacters in the system_time_timezone field. Published: 2019-03-07T22:00:00.000Z Updated: 2024-08-04T21:38:46.526Z Open on db.gcve.eu Reference links https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNTPServerSettings.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9117`	not_vulnerable	2026-06-03 14:40:48.741634	Details available An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field. Published: 2019-03-07T22:00:00.000Z Updated: 2024-08-04T21:38:46.431Z Open on db.gcve.eu Reference links https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-12297`	not_vulnerable	2026-06-03 14:39:34.633143	Details available An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080. Published: 2019-05-23T13:02:06.000Z Updated: 2024-08-04T23:17:39.617Z Open on db.gcve.eu Reference links https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter_fmtVuln.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11322`	not_vulnerable	2026-06-03 14:39:32.673712	Details available An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Published: 2019-04-18T16:47:47.000Z Updated: 2024-08-04T22:48:09.202Z Open on db.gcve.eu Reference links https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11321`	not_vulnerable	2026-06-03 14:39:32.673352	Details available An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices. Published: 2019-04-18T16:47:34.000Z Updated: 2024-08-04T22:48:09.172Z Open on db.gcve.eu Reference links https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11320`	not_vulnerable	2026-06-03 14:39:32.672960	Details available In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. Published: 2019-04-18T16:47:00.000Z Updated: 2024-08-04T22:48:09.147Z Open on db.gcve.eu Reference links https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-11319`	not_vulnerable	2026-06-03 14:39:32.672485	Details available An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Published: 2019-04-18T16:46:36.000Z Updated: 2024-08-04T22:48:09.095Z Open on db.gcve.eu Reference links https://github.com/TeamSeri0us/pocs/blob/master/iot/motorola.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.