Potential Impact: Unauthorized Access, Denial of Service
Severity: High
Scope of Impact: Motorola-specific
CVE Identifier: CVE-2022-4001, CVE-2022-4002, CVE-2022-4003
Description:
CVE-2022-4001: An authentication bypass vulnerability could allow an attacker to access API functions without authentication.
CVE-2022-4002: A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
CVE-2022-4003: A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to firmware v1.5.0.16 or later.
Note: Q14 devices automatically update when they are connected to the internet.