Vulnerability Description
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openwrt | Libuci | - |
| Motorola | Cx2L Mwr04L Firmware | 1.01 |
| Motorola | Cx2L Mwr04L | - |
| Motorola | C1 Mwr03 Firmware | 1.01 |
| Motorola | C1 Mwr03 | - |
Related Weaknesses (CWE)
References
- https://git.openwrt.org/?p=project/uci.git%3Ba=commitdiff%3Bh=19e29ffc15dbd958e8
- https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%EExploitThird Party Advisory
- https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html
- https://lists.openwrt.org/pipermail/openwrt-devel/2019-November/025453.html
- https://git.openwrt.org/?p=project/uci.git%3Ba=commitdiff%3Bh=19e29ffc15dbd958e8
- https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%EExploitThird Party Advisory
- https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html
- https://lists.openwrt.org/pipermail/openwrt-devel/2019-November/025453.html
FAQ
What is CVE-2019-15513?
CVE-2019-15513 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking...
How severe is CVE-2019-15513?
CVE-2019-15513 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15513?
Check the references section above for vendor advisories and patch information. Affected products include: Openwrt Libuci, Motorola Cx2L Mwr04L Firmware, Motorola Cx2L Mwr04L, Motorola C1 Mwr03 Firmware, Motorola C1 Mwr03.