6 results (0.010 seconds)

CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 1

Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. Algunos dispositivos Motorola incluyen el SIMalliance Toolbox Browser (también se conoce como S@T Browser) en el UICC, lo que podría permitir a atacantes remotos recuperar información de ubicación e IMEI, o recuperar otros datos o ejecutar determinados comandos, por medio de instrucciones SIM Toolkit (STK) en un mensaje SMS, también se conoce como Simjacker. • https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile •

CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 0

Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. Motorola Scanner SDK utiliza permisos débiles para (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, y (3) ScannerService.exe, lo que permite a usuarios locales ganar privilegios a través de vectores no especificados. This vulnerability allows local attackers to execute arbitrary code with elevated privileges on vulnerable installations of Motorola Scanner SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the file permissions (ACLs) on an installed directory. ScannerService.exe is vulnerable to tampering by all users. • http://www.zerodayinitiative.com/advisories/ZDI-15-035 http://www.zerodayinitiative.com/advisories/ZDI-15-036 http://www.zerodayinitiative.com/advisories/ZDI-15-037 https://portal.motorolasolutions.com/Support/US-EN/Resolution?solutionId=87666 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 76%CPEs: 1EXPL: 0

Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. Múltiples desbordamientos de buffer basado en pila en Motorola Scanner SDK permiten a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada en el método Open en (1) IOPOSScanner.ocx o (2) IOPOSScale.ocx. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Motorola Scanner SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IOPOSScale Open method which performs an unbounded string copy operation into a fixed-length stack buffer using attacker-supplied input. A remote attacker can leverage this to execute arbitrary code under the context of the browser process. • http://www.zerodayinitiative.com/advisories/ZDI-15-033 http://www.zerodayinitiative.com/advisories/ZDI-15-034 https://portal.motorolasolutions.com/Support/US-EN/Resolution?solutionId=87666 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0

Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). El Cable Módem Motorola SB5100E permite a atacantes remtoso causar una denegación de servicio (caída del dispositivo) mediante un paquete IP con direcciones IP y puertos de origen y destino iguales y la bandera SYN establecida. • http://marc.info/?l=bugtraq&m=113416527000313&w=2 http://secunia.com/advisories/17996 http://www.securityfocus.com/bid/15795 http://www.vupen.com/english/advisories/2005/2864 •

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1

The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024. • http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621 •