"-Synchronized-Data."

2025-05-06 18:53:08 +00:00 · 2019-12-20 19:01:05 +00:00 · 2019-12-20 19:01:05 +00:00 · 52fed50ab0
commit 52fed50ab0
parent 2e376c43f6
2 changed files with 17 additions and 2 deletions
--- a/2018/11xxx/CVE-2018-11116.json
+++ b/2018/11xxx/CVE-2018-11116.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution."
+                "value": "** DISPUTED ** OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution. NOTE: The developer disputes this as a vulnerability, indicating that rpcd functions appropriately."
            }
        ]
    },
@ -56,6 +56,11 @@
                "name": "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html",
                "refsource": "MISC",
                "url": "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://forum.openwrt.org/t/rpcd-vulnerability-reported-on-vultdb/16497/3",
+                "url": "https://forum.openwrt.org/t/rpcd-vulnerability-reported-on-vultdb/16497/3"
            }
        ]
    }
--- a/2019/15xxx/CVE-2019-15513.json
+++ b/2019/15xxx/CVE-2019-15513.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang."
+                "value": "An issue was discovered in OpenWrt libuci (aka Library for the Unified Configuration Interface) before 15.05.1 as used on Motorola CX2L MWR04L 1.01 and C1 MWR03 1.01 devices. /tmp/.uci/network locking is mishandled after reception of a long SetWanSettings command, leading to a device hang."
            }
        ]
    },
@ -56,6 +56,16 @@
                "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf",
                "refsource": "MISC",
                "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/morouter/motorola%E8%B7%AF%E7%94%B1%E5%99%A8%E6%96%87%E4%BB%B6%E8%A7%A3%E9%94%81%E6%BC%8F%E6%B4%9E.pdf"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html",
+                "url": "https://lists.infradead.org/pipermail/openwrt-devel/2019-November/019736.html"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://git.openwrt.org/?p=project/uci.git;a=commitdiff;h=19e29ffc15dbd958e8e6a648ee0982c68353516f",
+                "url": "https://git.openwrt.org/?p=project/uci.git;a=commitdiff;h=19e29ffc15dbd958e8e6a648ee0982c68353516f"
            }
        ]
    }