First published: Fri Aug 23 2019(Updated: )
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
OpenWrt libuci | ||
Motorola Cx2l Mwr04l Firmware | =1.01 | |
Motorola CX2L MWR04L | ||
Motorola C1 Mwr03 Firmware | =1.01 | |
Motorola C1 Mwr03 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15513 is a vulnerability found in OpenWrt libuci, which is the Library for the Unified Configuration Interface.
CVE-2019-15513 affects the Motorola CX2L MWR04L 1.01 device by mishandling /tmp/.uci/network locking after receiving a long SetWanSettings command, which can lead to a device hang.
CVE-2019-15513 has a severity rating of 7.5 (High).
To fix CVE-2019-15513, it is recommended to update to OpenWrt libuci version 15.05.1 or later.
You can find more information about CVE-2019-15513 at the following references: [Reference 1](https://git.openwrt.org/?p=project/uci.git;a=commitdiff;h=19e29ffc15dbd958e8e6a648ee0982c68353516f), [Reference 2](https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf), [Reference 3](https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html).