Potential Impact : Unauthorized Access, Denial of Service
Severity : High
Scope of Impact : Motorola specific
CVE Identifier : CVE-2022-4001, CVE-2022-4002, CVE-2022-4003
Summary Description :
The following vulnerabilities were reported in the Motorola Q14 Mesh Router.
CVE-2022-4001 : An authentication bypass vulnerability could allow an attacker to access API functions without authentication.
CVE-2022-4002 : A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
CVE-2022-4003 : A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.
Mitigation Strategy for Customers (what you should do to protect yourself) :
Update Motorola Q14 Mesh Router firmware to v188.8.131.52 or later.