Motorola

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-4003 1Motorola 1Q14 Firmware Aug 13, 2024 Jul 31, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request.
CVE-2022-4002 1Motorola 1Q14 Firmware Aug 13, 2024 Jul 31, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request.
CVE-2024-38281 1Motorola 1Vigilant Fixed Lpr Coms Box Firmware Nov 21, 2024 Jun 13, 2024 8.6 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device.
CVE-2024-38280 1Motorola 1Vigilant Fixed Lpr Coms Box Firmware Nov 21, 2024 Jun 13, 2024 7.0 HIGH· v4 4.6 MEDIUM· v3 N/A· v2 An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text.
CVE-2024-38279 1Motorola 1Vigilant Fixed Lpr Coms Box Firmware Nov 21, 2024 Jun 13, 2024 5.1 MEDIUM· v4 4.6 MEDIUM· v3 N/A· v2 The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes.
CVE-2024-25360 1Motorola 1Cx2l Firmware Nov 21, 2024 Feb 12, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.
CVE-2024-23630 1Motorola 1Mr2600 Firmware Nov 21, 2024 Jan 26, 2024 N/A· v4 8.8 HIGH· v3 7.7 HIGH· v2 An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, however can be bypassed.
CVE-2024-23629 1Motorola 1Mr2600 Firmware Nov 21, 2024 Jan 26, 2024 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.
CVE-2024-23628 1Motorola 1Mr2600 Firmware Nov 21, 2024 Jan 26, 2024 N/A· v4 8.8 HIGH· v3 7.7 HIGH· v2 A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required,...Show more A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.Show less
CVE-2024-23627 1Motorola 1Mr2600 Firmware Nov 21, 2024 Jan 26, 2024 N/A· v4 8.8 HIGH· v3 7.7 HIGH· v2 A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, how...Show more A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed.Show less
CVE-2024-23626 1Motorola 1Mr2600 Firmware Nov 21, 2024 Jan 26, 2024 N/A· v4 8.8 HIGH· v3 7.7 HIGH· v2 A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however c...Show more A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, however can be bypassed. Show less
CVE-2022-3681 1Motorola 1Mr2600 Nov 21, 2024 Oct 27, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthoriz...Show more A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network. Show less
CVE-2022-27813 1Motorola 2Mtm5400 Firmware Mtm5500 Firmware Nov 21, 2024 Oct 19, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boun...Show more Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.Show less
CVE-2022-26943 1Motorola 2Mtm5400 Firmware Mtm5500 Firmware Nov 21, 2024 Oct 19, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the auth...Show more The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400.Show less
CVE-2022-26942 1Motorola 2Mtm5400 Firmware Mtm5500 Firmware Nov 21, 2024 Oct 19, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA crypt...Show more The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives. Show less
CVE-2022-26941 1Motorola 2Mtm5400 Firmware Mtm5500 Firmware Nov 21, 2024 Oct 19, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario....Show more A format string vulnerability exists in Motorola MTM5000 series firmware AT command handler for the AT+CTGL command. An attacker-controllable string is improperly handled, allowing for a write-anything-anywhere scenario. This can be leveraged to obtain arbitrary code execution inside the teds_app binary, which runs with root privileges.Show less
CVE-2022-3407 1Motorola 1Smartphone Firmware Nov 21, 2024 Sep 1, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 I some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device's modem may reset and cau...Show more I some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device's modem may reset and cause the phone call to not succeed. This may block the user from dialing emergency services. This patch resolves the device's modem reset issue.Show less
CVE-2023-23774 1Motorola 2Ebts Site Controller Firmware Mbts Site Controller Firmware Nov 21, 2024 Aug 29, 2023 N/A· v4 8.4 HIGH· v3 N/A· v2 Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an atta...Show more Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.Show less
CVE-2023-23773 1Motorola 2Ebts Base Radio Firmware Mbts Base Radio Firmware Nov 21, 2024 Aug 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary...Show more Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.Show less
CVE-2023-23772 1Motorola 1Mbts Site Controller Firmware Nov 21, 2024 Aug 29, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to ga...Show more Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.Show less

12 3 4 5 Next