CVE-2023-31528
Published: 11 May 2023
Summary
CVE-2023-31528 is a high-severity Command Injection (CWE-77) vulnerability in Motorola Cx2L Firmware. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 6.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Motorola CX2L Router version 1.0.1 contains a command injection vulnerability in the staticroute_list parameter, classified under CWE-77. The flaw received a CVSS 3.1 score of 8.8, reflecting network attack vector, low attack complexity, and requirements for authenticated access without user interaction, resulting in high impact across confidentiality, integrity, and availability.
An authenticated attacker with network access can supply crafted values to the staticroute_list parameter, enabling arbitrary command execution on the device. Successful exploitation grants the ability to read, modify, or delete data and potentially take full control of the router.
Public references consist of two GitHub repositories that document the issue and provide reproduction details. The associated EPSS score remains flat at 0.1187 with no observed increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35831
Vulnerability details
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.