CVE-2019-15513

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.

Se detecto un problema un problema en OpenWrt libuci (también conocida como Biblioteca para la Interfaz de Configuración Unificada) en versiones anteriores a la 15.05.1 como se utiliza en los dispositivos Motorola CX2L MWR04L 1.01 y C1 MWR03 1.01. /tmp/.uci/network locking se maneja incorrectamente después de la recepción de un comando SetWanSettings largo, lo que lleva a un bloqueo del dispositivo.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-08-23 CVE Reserved
2019-08-23 CVE Published
2024-08-05 CVE Updated
2024-08-05 First Exploit
2024-08-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-667: Improper Locking

CAPEC

References (4)

URL	Tag	Source
https://git.openwrt.org/?p=project/uci.git%3Ba=commitdiff%3Bh=19e29ffc15dbd958e8e6a648ee0982c68353516f	X_refsource_confirm
https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html	X_refsource_misc
https://lists.openwrt.org/pipermail/openwrt-devel/2019-November/025453.html	X_refsource_misc

URL	Date	SRC
https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf	2024-08-05

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Motorola Search vendor "Motorola"	Cx2l Mwr04l Firmware Search vendor "Motorola" for product "Cx2l Mwr04l Firmware"	1.01 Search vendor "Motorola" for product "Cx2l Mwr04l Firmware" and version "1.01"	-	Affected	in	Motorola Search vendor "Motorola"	Cx2l Mwr04l Search vendor "Motorola" for product "Cx2l Mwr04l"	-	-	Safe
Motorola Search vendor "Motorola"	C1 Mwr03 Firmware Search vendor "Motorola" for product "C1 Mwr03 Firmware"	1.01 Search vendor "Motorola" for product "C1 Mwr03 Firmware" and version "1.01"	-	Affected	in	Motorola Search vendor "Motorola"	C1 Mwr03 Search vendor "Motorola" for product "C1 Mwr03"	-	-	Safe
Openwrt Search vendor "Openwrt"		Libuci Search vendor "Openwrt" for product "Libuci"				-		-		Affected