CVE-2023-31530
Published: 11 May 2023
Summary
CVE-2023-31530 is a high-severity Command Injection (CWE-77) vulnerability in Motorola CX2L Firmware. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 6.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Motorola CX2L Router version 1.0.1 contains a command injection vulnerability, tracked as CVE-2023-31530 and assigned CWE-77, that affects the smartqos_priority_devices parameter. The flaw received a CVSS 3.1 score of 8.8, reflecting a network attack vector, low attack complexity, and low required privileges with no user interaction, and a high impact on confidentiality, integrity, and availability.
An authenticated attacker with network access can supply crafted input to the affected parameter and execute arbitrary commands on the device, enabling full compromise of the router's configuration and traffic handling.
The two provided references point to the same public GitHub repository, which contains proof-of-concept material for the issue but no vendor advisory, patch information, or mitigation guidance. The associated EPSS score has remained flat at 0.1187 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-35833
Vulnerability details
Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter.
- CWE(s): CWE-77
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.