ID

VAR-201904-0940


CVE

CVE-2019-11322


TITLE

Motorola CX2 and M2 Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-003513

DESCRIPTION

An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. Motorola CX2 and M2 contain a command injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Motorola CX2 is a wireless router. hnap is the Home Network Administration Protocol (a home network management protocol). There is a command injection vulnerability in the 'startRmtAssist' function of hnap in Motorola CX2 version 1.01 and Motorola M2 version 1.01. The vulnerability arises because the network system or product does not correctly filter special elements when constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands.

Trust: 1.8

sources: NVD: CVE-2019-11322 // JVNDB: JVNDB-2019-003513 // VULHUB: VHN-142957 // VULMON: CVE-2019-11322

AFFECTED PRODUCTS

vendor: motorola, model: cx2, scope: eq, version: 1.01

Trust: 1.8

vendor: motorola, model: m2, scope: eq, version: 1.01

Trust: 1.8

sources: JVNDB: JVNDB-2019-003513 // NVD: CVE-2019-11322

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11322
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-11322
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201904-899
value: CRITICAL

Trust: 0.6

VULHUB: VHN-142957
value: HIGH

Trust: 0.1

VULMON: CVE-2019-11322
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-11322
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-142957
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11322
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-142957 // VULMON: CVE-2019-11322 // JVNDB: JVNDB-2019-003513 // CNNVD: CNNVD-201904-899 // NVD: CVE-2019-11322

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 0.9

sources: VULHUB: VHN-142957 // JVNDB: JVNDB-2019-003513 // NVD: CVE-2019-11322

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-899

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201904-899

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003513

PATCH

title: Top Page, url: https://www.motorolasolutions.com/ja_jp.html?geo=redirect

Trust: 0.8

sources: JVNDB: JVNDB-2019-003513

EXTERNAL IDS

db: NVD, id: CVE-2019-11322

Trust: 2.6

db: JVNDB, id: JVNDB-2019-003513

Trust: 0.8

db: CNNVD, id: CNNVD-201904-899

Trust: 0.7

db: VULHUB, id: VHN-142957

Trust: 0.1

db: VULMON, id: CVE-2019-11322

Trust: 0.1

sources: VULHUB: VHN-142957 // VULMON: CVE-2019-11322 // JVNDB: JVNDB-2019-003513 // CNNVD: CNNVD-201904-899 // NVD: CVE-2019-11322

REFERENCES

url:https://github.com/teamseri0us/pocs/blob/master/iot/motorola.pdf

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-11322

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11322

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-142957 // VULMON: CVE-2019-11322 // JVNDB: JVNDB-2019-003513 // CNNVD: CNNVD-201904-899 // NVD: CVE-2019-11322

SOURCES

db: VULHUB, id: VHN-142957
db: VULMON, id: CVE-2019-11322
db: JVNDB, id: JVNDB-2019-003513
db: CNNVD, id: CNNVD-201904-899
db: NVD, id: CVE-2019-11322

LAST UPDATE DATE

2024-11-23T22:33:56.571000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-142957, date: 2020-08-24T00:00:00
db: VULMON, id: CVE-2019-11322, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-003513, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-899, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-11322, date: 2024-11-21T04:20:53.113

SOURCES RELEASE DATE

db: VULHUB, id: VHN-142957, date: 2019-04-18T00:00:00
db: VULMON, id: CVE-2019-11322, date: 2019-04-18T00:00:00
db: JVNDB, id: JVNDB-2019-003513, date: 2019-05-20T00:00:00
db: CNNVD, id: CNNVD-201904-899, date: 2019-04-18T00:00:00
db: NVD, id: CVE-2019-11322, date: 2019-04-18T17:29:01.197