7.8

CVE-2019-15513

Exploit

EPSS 0.48%
Veröffentlicht 23.08.2019 07:15:10
Zuletzt bearbeitet 21.11.2024 04:28:54
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openwrt ≫ Libuci Version-

Motorola ≫ Cx2l Mwr04l Firmware Version1.01

Motorola ≫ Cx2l Mwr04l Version-

Motorola ≫ C1 Mwr03 Firmware Version1.01

Motorola ≫ C1 Mwr03 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.625

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.openwrt.org/?p=project/uci.git%3Ba=commitdiff%3Bh=19e29ffc15dbd958e8e6a648ee0982c68353516f

https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf

Third Party Advisory

Exploit

https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html

https://lists.openwrt.org/pipermail/openwrt-devel/2019-November/025453.html

https://nvd.nist.gov/vuln/detail/CVE-2019-15513

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-15513

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-15513

EUVD