OpenCVE

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Motorola	C1 C1 Firmware M2 M2 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:motorola:m2_firmware:1.07:*:*:*:*:*:*:*

cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:motorola:c1_firmware:1.01:*:*:*:*:*:*:*

cpe:2.3:h:motorola:c1:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-07T22:00:00

Updated: 2024-08-04T21:38:46.394Z

Reserved: 2019-02-24T00:00:00

Link: CVE-2019-9121

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-03-07T23:29:02.063

Modified: 2024-11-21T04:51:01.817

Link: CVE-2019-9121

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-07T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9121", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md", "refsource": "MISC", "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:38:46.394Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9121", "datePublished": "2019-03-07T22:00:00", "dateReserved": "2019-02-24T00:00:00", "dateUpdated": "2024-08-04T21:38:46.394Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:m2_firmware:1.07:*:*:*:*:*:*:*", "matchCriteriaId": "22541821-3FE7-42DF-AEA2-192FD4C93387", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:m2:-:*:*:*:*:*:*:*", "matchCriteriaId": "97CFCECE-3099-4852-8AA1-AADA2D148B19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:motorola:c1_firmware:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "656E7770-6B90-4629-981D-85C9CD503F52", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:c1:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEAE49CA-2A01-4680-B3F2-A45CBC3BFFC4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body for the SetSmartQoSSettings API function, as demonstrated by shell metacharacters in the smartqos_priority_devices field."}, {"lang": "es", "value": "Se ha descubierto un problema con los dispositivos C1 y M2 de Motorola con versiones de firmware 1.01 y 1.07. Este fallo es una inyecci\u00f3n de comandos que permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener un shell root. Una vulnerabilidad de inyecci\u00f3n de comandos permite a los atacantes ejecutar comandos arbitrarios del sistema operativo mediante una petici\u00f3n POST /HNAP1 manipulada. Esto ocurre cuando cualquier funci\u00f3n API HNAP provoca una llamada a la funci\u00f3n \"system\" con entradas no fiables del cuerpo \"request\" para la funci\u00f3n API SetSmartQoSSettings, tal y como queda demostrado con metacaracteres shell en el campo smartqos_priority_devices."}], "id": "CVE-2019-9121", "lastModified": "2024-11-21T04:51:01.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-07T23:29:02.063", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/lieanu/vuls/blob/master/motorola/M2_C1/SetSmartQoSSettings.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}