CVE-2019-15513 Information
Feb 14, 2021
cve
Description
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command leading to a device hang.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
https://git.openwrt.org/?p=project/uci.git;a=commitdiff;h=19e29ffc15dbd958e8e6a648ee0982c68353516f https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorolaE8B7AFE794B1E599A8E69687E4BBB6E8A7A3E99481E6BC8FE6B49E.pdf https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
7.5
Share on: