Lucene search

[email protected]CVE-2019-12297

HistoryMay 23, 2019 - 2:29 p.m.

CVE-2019-12297

2019-05-2314:29:07

CWE-134

[email protected]

web.nvd.nist.gov

cve-2019-12297

scopd

motorola routers

cx2 1.01

m2 1.01

format string vulnerability

tcp port 8010

udp port 8080

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.

Affected configurations

NVD

Node

motorolacx2_firmwareMatch1.01

AND

motorolacx2Match-

Node

motorolam2_firmwareMatch1.01

AND

motorolam2Match-

CPENameOperatorVersion
motorola:cx2_firmwaremotorola cx2 firmwareeq1.01

CPE	Name	Operator	Version
motorola:cx2_firmware	motorola cx2 firmware	eq	1.01

References

github.com/TeamSeri0us/pocs/blob/master/iot/morouter_fmtVuln.md

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for CVE-2019-12297

prion1 cvelist1 nvd1