CVE-2019-9119 - OpenCVE

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Motorola	C1 C1 Firmware M2 M2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:motorola:m2_firmware:1.07:*:*:*:*:*:*:*

cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:motorola:c1_firmware:1.01:*:*:*:*:*:*:*

cpe:2.3:h:motorola:c1:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-07T22:00:00

Updated: 2024-08-04T21:38:46.547Z

Reserved: 2019-02-24T00:00:00

Link: CVE-2019-9119

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-03-07T23:29:02.000

Modified: 2019-03-08T18:45:11.710

Link: CVE-2019-9119

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-07T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9119", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md", "refsource": "MISC", "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:38:46.547Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9119", "datePublished": "2019-03-07T22:00:00", "dateReserved": "2019-02-24T00:00:00", "dateUpdated": "2024-08-04T21:38:46.547Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:m2_firmware:1.07:*:*:*:*:*:*:*", "matchCriteriaId": "22541821-3FE7-42DF-AEA2-192FD4C93387", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "97CFCECE-3099-4852-8AA1-AADA2D148B19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:c1_firmware:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "656E7770-6B90-4629-981D-85C9CD503F52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:c1:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEAE49CA-2A01-4680-B3F2-A45CBC3BFFC4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetStaticRouteSettings API function, as demonstrated by shell metacharacters in the staticroute_list field."}, {"lang": "es", "value": "Se ha descubierto un problema con los dispositivos C1 y M2 de Motorola con versiones de firmware 1.01 y 1.07. Este fallo es una inyecci\u00f3n de comandos que permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener un shell root. Una vulnerabilidad de inyecci\u00f3n de comandos permite a los atacantes ejecutar comandos arbitrarios del sistema operativo mediante una petici\u00f3n POST /HNAP1 manipulada. Esto ocurre cuando cualquier funci\u00f3n API HNAP provoca una llamada a la funci\u00f3n \"system\" con entradas no fiables del cuerpo \"request\" para la funci\u00f3n API SetStaticRouteSettings, tal y como queda demostrado con metacaracteres shell en el campo staticroute_list."}], "id": "CVE-2019-9119", "lastModified": "2019-03-08T18:45:11.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-07T23:29:02.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetStaticRouteSettings.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}