Vulnerability Details : CVE-2019-15513
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
Products affected by CVE-2019-15513
- cpe:2.3:o:motorola:cx2l_mwr04l_firmware:1.01:*:*:*:*:*:*:*
- cpe:2.3:o:motorola:c1_mwr03_firmware:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:openwrt:libuci:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15513
- 0.40%: Probability of exploitation activity in the next 30 days
- ~74%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-15513
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2019-15513
- The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15513
- https://git.openwrt.org/?p=project/uci.git;a=commitdiff;h=19e29ffc15dbd958e8e6a648ee0982c68353516f
  git.openwrt.org Git - project/uci.git/commitdiff
- https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf
  pocs/motorola路由器文件解锁漏洞.pdf at master · TeamSeri0us/pocs · GitHub (Exploit; Third Party Advisory)
- https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html
  [OpenWrt-Devel] CVE-2019-15513 analysis
- https://lists.openwrt.org/pipermail/openwrt-devel/2019-November/025453.html
  [OpenWrt-Devel] CVE-2019-15513 analysis