CVE-2019-9120 - Vulnerability Details - OpenCVE

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Motorola	C1 C1 Firmware M2 M2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:motorola:m2_firmware:1.07:*:*:*:*:*:*:*

cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:motorola:c1_firmware:1.01:*:*:*:*:*:*:*

cpe:2.3:h:motorola:c1:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-07T22:00:00

Updated: 2024-08-04T21:38:46.579Z

Reserved: 2019-02-24T00:00:00

Link: CVE-2019-9120

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-03-07T23:29:02.033

Modified: 2024-11-21T04:51:01.677

Link: CVE-2019-9120

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-07T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9120", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md", "refsource": "MISC", "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:38:46.579Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9120", "datePublished": "2019-03-07T22:00:00", "dateReserved": "2019-02-24T00:00:00", "dateUpdated": "2024-08-04T21:38:46.579Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:m2_firmware:1.07:*:*:*:*:*:*:*", "matchCriteriaId": "22541821-3FE7-42DF-AEA2-192FD4C93387", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "97CFCECE-3099-4852-8AA1-AADA2D148B19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:c1_firmware:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "656E7770-6B90-4629-981D-85C9CD503F52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:c1:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEAE49CA-2A01-4680-B3F2-A45CBC3BFFC4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetWLanACLSettings API function, as demonstrated by shell metacharacters in the wl(0).(0)_maclist field."}, {"lang": "es", "value": "Se ha descubierto un problema con los dispositivos C1 y M2 de Motorola con versiones de firmware 1.01 y 1.07. Este fallo es una inyecci\u00f3n de comandos que permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener un shell root. Una vulnerabilidad de inyecci\u00f3n de comandos permite a los atacantes ejecutar comandos arbitrarios del sistema operativo mediante una petici\u00f3n POST /HNAP1 manipulada. Esto ocurre cuando cualquier funci\u00f3n API HNAP provoca una llamada a la funci\u00f3n \"system\" con entradas no fiables del cuerpo \"request\" para la funci\u00f3n API SetWLanACLSettings, tal y como queda demostrado con metacaracteres shell en el campo wl(0).(0)_maclist."}], "id": "CVE-2019-9120", "lastModified": "2024-11-21T04:51:01.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-07T23:29:02.033", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetWLanACLSettings.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}