CVE-2019-15513
HIGHOpenWrt libuci - Denial of Service via Long SetWanSettings Command
Title source: llmDescription
An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang.
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf
Various Sources x_refsource_misc
https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html
Various Sources x_refsource_confirm
https://git.openwrt.org/?p=project/uci.git%3Ba=commitdiff%3Bh=19e29ffc15dbd958e8e6a648ee0982c68353516f
Various Sources x_refsource_misc
https://lists.openwrt.org/pipermail/openwrt-devel/2019-November/025453.html
Scores
CVSS v3
7.5
EPSS
0.0175
EPSS Percentile
74.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-667
Status
published
Products (3)
motorola/c1_mwr03_firmware
1.01
motorola/cx2l_mwr04l_firmware
1.01
openwrt/libuci
Published
Aug 23, 2019
Tracked Since
Feb 18, 2026