Sign-up

ID

VAR-201907-0366


CVE

CVE-2019-13129


TITLE

Motorola CX2L MWR04L Vulnerability related to resource depletion in routers

Trust: 0.8

sources: JVNDB: JVNDB-2019-006085

DESCRIPTION

On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. Motorola CX2L MWR04L Routers are vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The MotorolaCX2LMWR04L is a wireless router from Motorola, USA. A security vulnerability exists in Motorola CX2L MWR04L version 1.01

Trust: 2.25

sources: NVD: CVE-2019-13129 // JVNDB: JVNDB-2019-006085 // CNVD: CNVD-2019-20990 // VULHUB: VHN-144944

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-20990

AFFECTED PRODUCTS

vendor:motorolamodel:cx2l mwr04lscope:eqversion:1.01

Trust: 2.4

sources: CNVD: CNVD-2019-20990 // JVNDB: JVNDB-2019-006085 // NVD: CVE-2019-13129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13129
value: HIGH

Trust: 1.0

NVD: CVE-2019-13129
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-20990
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201907-006
value: HIGH

Trust: 0.6

VULHUB: VHN-144944
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-13129
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-20990
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-144944
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13129
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-20990 // VULHUB: VHN-144944 // JVNDB: JVNDB-2019-006085 // CNNVD: CNNVD-201907-006 // NVD: CVE-2019-13129

PROBLEMTYPE DATA

problemtype:CWE-674

Trust: 1.1

problemtype:CWE-400

Trust: 0.9

sources: VULHUB: VHN-144944 // JVNDB: JVNDB-2019-006085 // NVD: CVE-2019-13129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-006

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201907-006

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-006085

PATCH
title:トップページurl:https://www.motorolasolutions.com/ja_jp.html?geo=redirect
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-006085

EXTERNAL IDS
db:NVDid:CVE-2019-13129
Trust: 3.1
db:JVNDBid:JVNDB-2019-006085
Trust: 0.8
db:CNNVDid:CNNVD-201907-006
Trust: 0.7
db:CNVDid:CNVD-2019-20990
Trust: 0.6
db:VULHUBid:VHN-144944
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-20990 // 
            
            
            
            VULHUB: VHN-144944 // 
            
            
            
            JVNDB: JVNDB-2019-006085 // 
            
            
            
            CNNVD: CNNVD-201907-006 // 
            
            
            
            NVD: CVE-2019-13129

REFERENCES
url:https://github.com/teamseri0us/pocs/blob/master/iot/morouter/morouter_stackoverflow.pdf
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-13129
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13129
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-20990 // 
            
            
            
            VULHUB: VHN-144944 // 
            
            
            
            JVNDB: JVNDB-2019-006085 // 
            
            
            
            CNNVD: CNNVD-201907-006 // 
            
            
            
            NVD: CVE-2019-13129

SOURCES
db:CNVDid:CNVD-2019-20990
db:VULHUBid:VHN-144944
db:JVNDBid:JVNDB-2019-006085
db:CNNVDid:CNNVD-201907-006
db:NVDid:CVE-2019-13129

LAST UPDATE DATE
2024-11-23T21:59:50.255000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-20990date:2019-07-03T00:00:00
db:VULHUBid:VHN-144944date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2019-006085date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201907-006date:2020-08-25T00:00:00
db:NVDid:CVE-2019-13129date:2024-11-21T04:24:15.373

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-20990date:2019-07-03T00:00:00
db:VULHUBid:VHN-144944date:2019-07-01T00:00:00
db:JVNDBid:JVNDB-2019-006085date:2019-07-09T00:00:00
db:CNNVDid:CNNVD-201907-006date:2019-07-01T00:00:00
db:NVDid:CVE-2019-13129date:2019-07-01T15:15:11.850