VYPR

Vendor CVEs

Motorola

All CVEs

129 total · sorted by risk
  • CVE-2024-55414CriJan 7, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges,…

  • CVE-2017-0829CriOct 4, 2017
    risk 0.64cvss 9.8epss 0.00

    An elevation of privilege vulnerability in the Motorola bootloader. Product: Android. Versions: Android kernel. Android ID: A-62345044.

  • CVE-2013-2596HigKEVApr 13, 2013
    risk 0.56cvss 7.8epss 0.03

    Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and…

  • CVE-2026-5804HigMay 19, 2026
    risk 0.55cvss 8.4epss 0.00

    An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to…

  • CVE-2016-10277HigMay 12, 2017
    risk 0.54cvss 7.8epss 0.09

    An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2024-45880HigOct 8, 2024
    risk 0.52cvss 8.0epss 0.01

    A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands for setting parameters such as MAC address without proper input…

  • CVE-2018-5827HigMay 17, 2018
    risk 0.51cvss 7.8epss 0.00

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.

  • CVE-2015-8937HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal…

  • CVE-2014-9873HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm…

  • CVE-2014-9871HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and…

  • CVE-2014-9869HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal…

  • CVE-2014-9784HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug…

  • CVE-2015-7936HigDec 23, 2015
    risk 0.49cvss 7.5epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password.

  • CVE-2015-7935HigDec 23, 2015
    risk 0.49cvss 7.5epss 0.02

    Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors.

  • CVE-2018-12499HigJul 2, 2018
    risk 0.48cvss 7.4epss 0.00

    The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was…

  • CVE-2022-4001HigJul 31, 2024
    risk 0.47cvss 7.3epss 0.00

    An authentication bypass vulnerability could allow an attacker to access API functions without authentication.

  • CVE-2025-1700HigJul 17, 2025
    risk 0.46cvss 7.0epss 0.00

    A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software.

  • CVE-2023-38291HigApr 22, 2024
    risk 0.46cvss 7.1epss 0.00

    An issue was discovered in a third-party component related to ro.boot.wifimacaddr, shipped on devices from multiple device manufacturers. Various software builds for the following TCL devices (30Z and 10L) and Motorola devices (Moto G Pure and Moto G Power) leak the Wi-Fi MAC…

  • CVE-2017-9497MedJul 31, 2017
    risk 0.44cvss 6.8epss 0.00

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route.

  • CVE-2023-41830MedMay 3, 2024
    risk 0.42cvss 6.5epss 0.00

    An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without authorization. 

  • CVE-2024-3109MedMay 3, 2024
    risk 0.41cvss 6.3epss 0.00

    A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary files.

  • CVE-2017-9493MedJul 31, 2017
    risk 0.41cvss 6.3epss 0.01

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code.

  • CVE-2023-41819MedMay 3, 2024
    risk 0.40cvss 6.1epss 0.00

    A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application that could allow a local attacker to access unauthorized content providers. 

  • CVE-2024-3108MedMay 3, 2024
    risk 0.36cvss 5.5epss 0.00

    An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without authorization. 

  • CVE-2017-9498MedJul 31, 2017
    risk 0.36cvss 5.5epss 0.00

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protection mechanism involving…

  • CVE-2016-6678MedOct 10, 2016
    risk 0.36cvss 5.5epss 0.00

    The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka internal bug 29914434.

  • CVE-2017-9494MedJul 31, 2017
    risk 0.35cvss 5.3epss 0.01

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to enable a Remote Web Inspector that is accessible from the public Internet.

  • CVE-2023-41826MedMay 3, 2024
    risk 0.33cvss 5.1epss 0.00

    A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without permission. 

  • CVE-2023-41820MedMay 3, 2024
    risk 0.33cvss 5.0epss 0.00

    An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio devices. 

  • CVE-2023-41818MedMay 3, 2024
    risk 0.33cvss 5.0epss 0.00

    An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system logs. 

  • CVE-2023-41816MedMay 3, 2024
    risk 0.33cvss 5.0epss 0.00

    An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local database. 

  • CVE-2023-41829MedMar 4, 2024
    risk 0.33cvss 5.0epss 0.00

    An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.

  • CVE-2023-41827MedMar 4, 2024
    risk 0.33cvss 5.1epss 0.00

    An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI.

  • CVE-2023-41822MedMay 3, 2024
    risk 0.31cvss 4.8epss 0.00

    An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS commands. 

  • CVE-2017-9495MedJul 31, 2017
    risk 0.30cvss 4.6epss 0.00

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to read arbitrary files by pressing "EXIT, Down, Down, 2" on an RF4CE remote to reach the diagnostic display, and then launching a Remote Web…

  • CVE-2023-41828MedMay 3, 2024
    risk 0.29cvss 4.4epss 0.00

    An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content provider.  

  • CVE-2023-41823MedMay 3, 2024
    risk 0.29cvss 4.4epss 0.00

    An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized Activities. 

  • CVE-2023-38301LowApr 22, 2024
    risk 0.22cvss 3.4epss 0.00

    An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl…

  • CVE-2024-3480LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data.

  • CVE-2024-3479LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local data.

  • CVE-2023-41825LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local files. 

  • CVE-2023-41824LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling data.

  • CVE-2023-41817LowMay 3, 2024
    risk 0.18cvss 2.8epss 0.00

    An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized information.

  • CVE-2021-3577Nov 12, 2021
    risk 0.06cvss epss 0.60

    An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device.

  • CVE-2009-1394Jun 26, 2009
    risk 0.06cvss epss 0.33

    Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.

  • CVE-2010-2307Jun 16, 2010
    risk 0.04cvss epss 0.09

    Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded…

  • CVE-2006-5196Oct 10, 2006
    risk 0.04cvss epss 0.07

    The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter.

  • CVE-2004-1550Dec 31, 2004
    risk 0.04cvss epss 0.19

    Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on.

  • CVE-2009-0393Feb 3, 2009
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.

  • CVE-2009-0392Feb 3, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.

Page 1 of 3