ID

VAR-201904-0937


CVE

CVE-2019-11319


TITLE

Motorola CX2 and M2 command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003510

DESCRIPTION

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Motorola CX2 and M2 contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Motorola CX2 is a wireless router. hnap is the Home Network Administration Protocol (a home network management protocol). There is a command injection vulnerability in the 'downloadFirmware' function of hnap in Motorola CX2 version 1.01 and Motorola M2 version 1.01. The vulnerability arises because the network system or product does not correctly filter special elements when constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands.

Trust: 1.8

sources: NVD: CVE-2019-11319 // JVNDB: JVNDB-2019-003510 // VULHUB: VHN-142953 // VULMON: CVE-2019-11319

AFFECTED PRODUCTS

vendor: motorola, model: cx2, scope: eq, version: 1.01

Trust: 1.8

vendor: motorola, model: m2, scope: eq, version: 1.01

Trust: 1.8

sources: JVNDB: JVNDB-2019-003510 // NVD: CVE-2019-11319

CVSS

SEVERITY

nvd@nist.gov: CVE-2019-11319
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-11319
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201904-900
value: CRITICAL

Trust: 0.6

VULHUB: VHN-142953
value: HIGH

Trust: 0.1

VULMON: CVE-2019-11319
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2019-11319
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-142953
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2019-11319
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-142953 // VULMON: CVE-2019-11319 // JVNDB: JVNDB-2019-003510 // CNNVD: CNNVD-201904-900 // NVD: CVE-2019-11319

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-142953 // JVNDB: JVNDB-2019-003510 // NVD: CVE-2019-11319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-900

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201904-900

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003510

PATCH

title: Top Page, url: https://www.motorolasolutions.com/ja_jp.html?geo=redirect

Trust: 0.8

sources: JVNDB: JVNDB-2019-003510

EXTERNAL IDS

db: NVD, id: CVE-2019-11319

Trust: 2.6

db: JVNDB, id: JVNDB-2019-003510

Trust: 0.8

db: CNNVD, id: CNNVD-201904-900

Trust: 0.7

db: VULHUB, id: VHN-142953

Trust: 0.1

db: VULMON, id: CVE-2019-11319

Trust: 0.1

sources: VULHUB: VHN-142953 // VULMON: CVE-2019-11319 // JVNDB: JVNDB-2019-003510 // CNNVD: CNNVD-201904-900 // NVD: CVE-2019-11319

REFERENCES

url:https://github.com/teamseri0us/pocs/blob/master/iot/motorola.pdf

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-11319

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11319

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-142953 // VULMON: CVE-2019-11319 // JVNDB: JVNDB-2019-003510 // CNNVD: CNNVD-201904-900 // NVD: CVE-2019-11319

SOURCES

db: VULHUB, id: VHN-142953
db: VULMON, id: CVE-2019-11319
db: JVNDB, id: JVNDB-2019-003510
db: CNNVD, id: CNNVD-201904-900
db: NVD, id: CVE-2019-11319

LAST UPDATE DATE

2024-11-23T22:58:44.693000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-142953, date: 2020-08-24T00:00:00
db: VULMON, id: CVE-2019-11319, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-003510, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-900, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-11319, date: 2024-11-21T04:20:52.713

SOURCES RELEASE DATE

db: VULHUB, id: VHN-142953, date: 2019-04-18T00:00:00
db: VULMON, id: CVE-2019-11319, date: 2019-04-18T00:00:00
db: JVNDB, id: JVNDB-2019-003510, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-900, date: 2019-04-18T00:00:00
db: NVD, id: CVE-2019-11319, date: 2019-04-18T17:29:00.993