Details of VAR-201905-0492

ID

VAR-201905-0492

CVE

CVE-2019-12297

TITLE

Motorola CX2 and Motorola M2 Format String Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-16282 // CNNVD: CNNVD-201905-956

DESCRIPTION

An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080. Motorola CX2 and M2 The router contains a format string vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Motorola M2 and Motorola CX2 are products of Motorola, USA. The Motorola CX2 is a wireless router. A format string error vulnerability exists in scopd in MotorolaCX 21.01 and Motorola M21.01. This vulnerability stems from the lax filtering of parameter types and quantities when network systems or products receive external formatted strings as parameters

Trust: 2.34

sources: NVD: CVE-2019-12297 // JVNDB: JVNDB-2019-004810 // CNVD: CNVD-2019-16282 // VULHUB: VHN-144029 // VULMON: CVE-2019-12297

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-16282

AFFECTED PRODUCTS

vendor:	motorola	model:	cx2	scope:	eq	version:	1.01	Trust: 2.4
vendor:	motorola	model:	m2	scope:	eq	version:	1.01	Trust: 2.4

sources: CNVD: CNVD-2019-16282 // JVNDB: JVNDB-2019-004810 // NVD: CVE-2019-12297

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-12297
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-12297
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2019-16282
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201905-956
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-144029
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-12297
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-12297
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-16282
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-144029
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-12297
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-16282 // VULHUB: VHN-144029 // VULMON: CVE-2019-12297 // JVNDB: JVNDB-2019-004810 // CNNVD: CNNVD-201905-956 // NVD: CVE-2019-12297

PROBLEMTYPE DATA

problemtype:

CWE-134

Trust: 1.8

sources: JVNDB: JVNDB-2019-004810 // NVD: CVE-2019-12297

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-956

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-201905-956

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004810

PATCH

title:

Top Page

url:

https://cn.motorolanetwork.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-004810

EXTERNAL IDS

db:	NVD	id:	CVE-2019-12297	Trust: 3.2
db:	JVNDB	id:	JVNDB-2019-004810	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-956	Trust: 0.7
db:	CNVD	id:	CNVD-2019-16282	Trust: 0.6
db:	VULHUB	id:	VHN-144029	Trust: 0.1
db:	VULMON	id:	CVE-2019-12297	Trust: 0.1

sources: CNVD: CNVD-2019-16282 // VULHUB: VHN-144029 // VULMON: CVE-2019-12297 // JVNDB: JVNDB-2019-004810 // CNNVD: CNNVD-201905-956 // NVD: CVE-2019-12297

REFERENCES

url:	https://github.com/teamseri0us/pocs/blob/master/iot/morouter_fmtvuln.md	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12297	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12297	Trust: 0.8
url:	https://github.com/teamseri0us/pocs/blob/master/iot/morouter/morouter_fmtvuln.md	Trust: 0.8
url:	https://web.nvd.nist.gov//vuln/detail/cve-2019-12297	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/134.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-16282 // VULHUB: VHN-144029 // VULMON: CVE-2019-12297 // JVNDB: JVNDB-2019-004810 // CNNVD: CNNVD-201905-956 // NVD: CVE-2019-12297

SOURCES

db:	CNVD	id:	CNVD-2019-16282
db:	VULHUB	id:	VHN-144029
db:	VULMON	id:	CVE-2019-12297
db:	JVNDB	id:	JVNDB-2019-004810
db:	CNNVD	id:	CNNVD-201905-956
db:	NVD	id:	CVE-2019-12297

LAST UPDATE DATE

2024-11-23T21:37:22.118000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-16282	date:	2019-06-03T00:00:00
db:	VULHUB	id:	VHN-144029	date:	2019-05-24T00:00:00
db:	VULMON	id:	CVE-2019-12297	date:	2019-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-004810	date:	2019-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201905-956	date:	2019-05-27T00:00:00
db:	NVD	id:	CVE-2019-12297	date:	2024-11-21T04:22:34.703

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-16282	date:	2019-06-03T00:00:00
db:	VULHUB	id:	VHN-144029	date:	2019-05-23T00:00:00
db:	VULMON	id:	CVE-2019-12297	date:	2019-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-004810	date:	2019-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201905-956	date:	2019-05-23T00:00:00
db:	NVD	id:	CVE-2019-12297	date:	2019-05-23T14:29:07.750