Sign-up

ID

VAR-201904-0939


CVE

CVE-2019-11321


TITLE

Motorola CX2 and M2 Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2019-003512

DESCRIPTION

An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices. Motorola CX2 is a wireless router

Trust: 1.71

sources: NVD: CVE-2019-11321 // JVNDB: JVNDB-2019-003512 // VULHUB: VHN-142956

AFFECTED PRODUCTS

vendor:motorolamodel:cx2scope:eqversion:1.01

Trust: 1.8

vendor:motorolamodel:m2scope:eqversion:1.01

Trust: 1.8

sources: JVNDB: JVNDB-2019-003512 // NVD: CVE-2019-11321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11321
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11321
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201904-924
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142956
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11321
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142956
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11321
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-142956 // JVNDB: JVNDB-2019-003512 // CNNVD: CNNVD-201904-924 // NVD: CVE-2019-11321

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-142956 // JVNDB: JVNDB-2019-003512 // NVD: CVE-2019-11321

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-924

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201904-924

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-003512

PATCH
title:トップページurl:https://www.motorolasolutions.com/ja_jp.html?geo=redirect
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-003512

EXTERNAL IDS
db:NVDid:CVE-2019-11321
Trust: 2.5
db:JVNDBid:JVNDB-2019-003512
Trust: 0.8
db:CNNVDid:CNNVD-201904-924
Trust: 0.7
db:VULHUBid:VHN-142956
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142956 // 
            
            
            
            JVNDB: JVNDB-2019-003512 // 
            
            
            
            CNNVD: CNNVD-201904-924 // 
            
            
            
            NVD: CVE-2019-11321

REFERENCES
url:https://github.com/teamseri0us/pocs/blob/master/iot/motorola.pdf
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-11321
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11321
Trust: 0.8
sources:
            
            
            VULHUB: VHN-142956 // 
            
            
            
            JVNDB: JVNDB-2019-003512 // 
            
            
            
            CNNVD: CNNVD-201904-924 // 
            
            
            
            NVD: CVE-2019-11321

SOURCES
db:VULHUBid:VHN-142956
db:JVNDBid:JVNDB-2019-003512
db:CNNVDid:CNNVD-201904-924
db:NVDid:CVE-2019-11321

LAST UPDATE DATE
2024-11-23T23:11:53.487000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142956date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-003512date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-924date:2020-08-25T00:00:00
db:NVDid:CVE-2019-11321date:2024-11-21T04:20:52.980

SOURCES RELEASE DATE
db:VULHUBid:VHN-142956date:2019-04-18T00:00:00
db:JVNDBid:JVNDB-2019-003512date:2019-05-20T00:00:00
db:CNNVDid:CNNVD-201904-924date:2019-04-18T00:00:00
db:NVDid:CVE-2019-11321date:2019-04-18T17:29:01.117