CVE-2026-5804
Description
An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing sensitive permissions and data. This could allow a local attacker to bypass permission checks and access protected device settings.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A local attacker can bypass authentication in Motorola’s Factory Test app by exploiting a writable file descriptor to open a TCP server and access sensitive device settings.
An improper authentication vulnerability (CWE-306) exists in the Motorola Factory Test component (com.motorola.motocit). The application holds a reference to a writable file descriptor in external storage, enabling a local third-party app to open a TCP server. This bypasses the intended permission checks, exposing sensitive permissions and data [1].
Exploitation
The attack is local, requiring low privileges (AV:L/AC:L/PR:L), no user interaction, and no special network position beyond local device access. Any third-party app installed on the device could exploit the writable descriptor to start the TCP server, circumventing the Factory Test app’s authentication and authorization controls [1].
Impact
A successful exploit allows the attacker to access protected device settings and potentially modify system configurations, resulting in high confidentiality and integrity impact (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, score 8.4). No elevation beyond local execution is required, but compromised settings could lead to further system compromise [1].
Mitigation
Motorola has released a fix in software versions with Security Patch Level (SPL) 2026-04-05 or later. Users should update their devices immediately. The vulnerability was discovered and disclosed by Pranil Gholap, and no workaround other than updating is available [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.