Vulnerability CVE-2019-15513

Vulnerability CVE-2019-15513

Published: 2019-08-23

Description:

An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.8/10	6.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Complete

Affected software
Openwrt -> Libuci
Motorola -> C1 mwr03 firmware
Motorola -> Cx2l mwr04l firmware

References:

https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf

Vulnerability CVE-2019-15513

An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.

CWE-20

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

7.8/10

6.9/10

10/10

Remote

Low

No required

None

None

Complete

Affected software

References: