CVE-2019-9117 - OpenCVE

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Motorola	C1 C1 Firmware M2 M2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:motorola:m2_firmware:1.07:*:*:*:*:*:*:*

cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:motorola:c1_firmware:1.01:*:*:*:*:*:*:*

cpe:2.3:h:motorola:c1:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-07T22:00:00

Updated: 2024-08-04T21:38:46.431Z

Reserved: 2019-02-24T00:00:00

Link: CVE-2019-9117

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-07T23:29:01.923

Modified: 2019-03-08T18:41:36.113

Link: CVE-2019-9117

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-07T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9117", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md", "refsource": "MISC", "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:38:46.431Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9117", "datePublished": "2019-03-07T22:00:00", "dateReserved": "2019-02-24T00:00:00", "dateUpdated": "2024-08-04T21:38:46.431Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:m2_firmware:1.07:*:*:*:*:*:*:*", "matchCriteriaId": "22541821-3FE7-42DF-AEA2-192FD4C93387", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "97CFCECE-3099-4852-8AA1-AADA2D148B19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:c1_firmware:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "656E7770-6B90-4629-981D-85C9CD503F52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:c1:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEAE49CA-2A01-4680-B3F2-A45CBC3BFFC4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetNetworkTomographySettings API function, as demonstrated by shell metacharacters in the tomography_ping_number field."}, {"lang": "es", "value": "Se ha descubierto un problema con los dispositivos C1 y M2 de Motorola con versiones de firmware 1.01 y 1.07. Este fallo es una inyacci\u00f3ninyecci\u00f3n de comandos que permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener un shell root. Una vulnerabilidad de inyecci\u00f3n de comandos permite a los atacantes ejecutar comandos arbitrarios del sistema operativo mediante una petici\u00f3n POST /HNAP1 manipulada. Esto ocurre cuando cualquier funci\u00f3n API HNAP provoca una llamada a la funci\u00f3n \"system\" con entradas no fiables del cuerpo \"request\" para la funci\u00f3n API SetNetworkTomographySettings, tal y como queda demostrado con metacaracteres shell en el campo tomography_ping_number."}], "id": "CVE-2019-9117", "lastModified": "2019-03-08T18:41:36.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-07T23:29:01.923", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetNetworkTomographySettings.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}