CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38279 – Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
https://notcve.org/view.php?id=CVE-2024-38279
13 Jun 2024 — The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. El producto afectado es vulnerable a que un atacante modifique el gestor de arranque mediante el uso de argumentos personalizados para eludir la autenticación y obtener acceso al sistema de archivos y obtener hashes de contraseña. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-165-19 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41830
https://notcve.org/view.php?id=CVE-2023-41830
03 May 2024 — An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization. Se informó una vulnerabilidad de path traversal absoluta incorrecta para la aplicación Ready For, que permite que una aplicación local acceda a archivos sin autorización. • https://en-us.support.motorola.com/app/answers/detail/a_id/178702 • CWE-36: Absolute Path Traversal •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41828
https://notcve.org/view.php?id=CVE-2023-41828
03 May 2024 — An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider. Se informó una vulnerabilidad de exportación de intención implícita en la aplicación Motorola Phone, que podría permitir el acceso no autorizado a un proveedor de contenido no exportado. • https://en-us.support.motorola.com/app/answers/detail/a_id/178701 • CWE-927: Use of Implicit Intent for Sensitive Communication •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41826
https://notcve.org/view.php?id=CVE-2023-41826
03 May 2024 — A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permission. Una vulnerabilidad de secuestro PendingIntent en la aplicación Motorola Device Help (Genie) que podría permitir a atacantes locales acceder a archivos o interactuar con componentes de software no exportados sin permiso. • https://en-us.support.motorola.com/app/answers/detail/a_id/178703 • CWE-927: Use of Implicit Intent for Sensitive Communication •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41823
https://notcve.org/view.php?id=CVE-2023-41823
03 May 2024 — An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. Se informó una vulnerabilidad de exportación inadecuada en la aplicación Motorola Phone Extension, que podría permitir que un atacante local ejecute actividades no autorizadas. • https://en-us.support.motorola.com/app/answers/detail/a_id/178705 • CWE-926: Improper Export of Android Application Components •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41822
https://notcve.org/view.php?id=CVE-2023-41822
03 May 2024 — An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. Se informó una vulnerabilidad de exportación incorrecta en la aplicación Motorola Interface Test Tool que podría permitir que una aplicación local maliciosa ejecute comandos del sistema operativo. • https://en-us.support.motorola.com/app/answers/detail/a_id/178704 • CWE-926: Improper Export of Android Application Components •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41816
https://notcve.org/view.php?id=CVE-2023-41816
03 May 2024 — An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. Se informó una vulnerabilidad de exportación inadecuada en la aplicación principal de servicios de Motorola que podría permitir que un atacante local escriba en una base de datos local. • https://en-us.support.motorola.com/app/answers/detail/a_id/178874 • CWE-926: Improper Export of Android Application Components •
CVSS: 3.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-38301
https://notcve.org/view.php?id=CVE-2023-38301
22 Apr 2024 — An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and T-Mobile Revvl V+ 5G devices leak the device serial number to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from ... • https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25360
https://notcve.org/view.php?id=CVE-2024-25360
12 Feb 2024 — A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. Una interfaz oculta en Motorola CX2L Router firmware v1.0.1, filtra información sobre el componente SystemWizardStatus mediante el envío de una solicitud manipulada a device_web_ip. • https://github.com/leetsun/Hints/tree/main/moto-CX2L/4 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-23630 – Motorola MR2600 Arbitrary Firmware Upload Vulnerability
https://notcve.org/view.php?id=CVE-2024-23630
25 Jan 2024 — An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed. Existe una vulnerabilidad de carga de firmware arbitraria en el Motorola MR2600. Un atacante puede aprovechar esta vulnerabilidad para lograr la ejecución de código en el dispositivo. • https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability • CWE-434: Unrestricted Upload of File with Dangerous Type •