7.8

CVE-2019-15513

Exploit

EPSS 0.48%
Published 23.08.2019 07:15:10
Last modified 21.11.2024 04:28:54
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Openwrt ≫ Libuci Version-

Motorola ≫ Cx2l Mwr04l Firmware Version1.01

Motorola ≫ Cx2l Mwr04l Version-

Motorola ≫ C1 Mwr03 Firmware Version1.01

Motorola ≫ C1 Mwr03 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.48%	0.625

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.openwrt.org/?p=project/uci.git%3Ba=commitdiff%3Bh=19e29ffc15dbd958e8e6a648ee0982c68353516f

https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf

Third Party Advisory

Exploit

https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html

https://lists.openwrt.org/pipermail/openwrt-devel/2019-November/025453.html

https://nvd.nist.gov/vuln/detail/CVE-2019-15513

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-15513

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-15513

EUVD