Vendor CVEs
Motorola
All CVEs
129 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-21932 | 0.00 | — | 0.01 | Jul 21, 2021 | A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid. | |||
| CVE-2021-32089 | 0.00 | — | 0.02 | May 11, 2021 | An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code… | |||
| CVE-2021-3460 | 0.00 | — | 0.01 | Apr 13, 2021 | The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker. | |||
| CVE-2020-10875 | 0.00 | — | 0.02 | Mar 23, 2020 | Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp. | |||
| CVE-2020-10874 | 0.00 | — | 0.01 | Mar 23, 2020 | Motorola FX9500 devices allow remote attackers to read database files. | |||
| CVE-2019-16257 | 0.00 | — | 0.02 | Sep 12, 2019 | Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message,… | |||
| CVE-2019-13129 | 0.00 | — | 0.01 | Jul 1, 2019 | On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling. | |||
| CVE-2019-12297 | 0.00 | — | 0.02 | May 23, 2019 | An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080. | |||
| CVE-2019-11322 | 0.00 | — | 0.04 | Apr 18, 2019 | An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | |||
| CVE-2019-11321 | 0.00 | — | 0.01 | Apr 18, 2019 | An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices. | |||
| CVE-2019-11320 | 0.00 | — | 0.02 | Apr 18, 2019 | In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address. | |||
| CVE-2019-11319 | 0.00 | — | 0.04 | Apr 18, 2019 | An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value. | |||
| CVE-2018-20399 | 0.00 | — | 0.03 | Dec 23, 2018 | Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||
| CVE-2015-1496 | 0.00 | — | 0.00 | Feb 16, 2015 | Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-1495 | 0.00 | — | 0.03 | Feb 16, 2015 | Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. | |||
| CVE-2013-5933 | 0.00 | — | 0.00 | Sep 25, 2013 | Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the… | |||
| CVE-2013-4777 | 0.00 | — | 0.00 | Sep 25, 2013 | A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. | |||
| CVE-2013-3051 | 0.00 | — | 0.00 | Apr 13, 2013 | The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region,… | |||
| CVE-2008-2548 | 0.00 | — | 0.06 | Jun 4, 2008 | Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption. | |||
| CVE-2008-2002 | 0.00 | — | 0.01 | Apr 28, 2008 | Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html,… | |||
| CVE-2007-5761 | 0.00 | — | 0.00 | Jan 9, 2008 | The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the… | |||
| CVE-2007-5792 | 0.00 | — | 0.01 | Nov 1, 2007 | The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session. | |||
| CVE-2007-0522 | 0.00 | — | 0.01 | Jan 26, 2007 | The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push. | |||
| CVE-2006-1365 | 0.00 | — | 0.01 | Mar 23, 2006 | The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the… | |||
| CVE-2006-1366 | 0.00 | — | 0.05 | Mar 23, 2006 | Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer (aka FTP) service on… | |||
| CVE-2005-4215 | 0.00 | — | 0.02 | Dec 14, 2005 | Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). | |||
| CVE-2002-1944 | 0.00 | — | 0.02 | Dec 31, 2002 | Motorola Surfboard 4200 cable modem allows remote attackers to cause a denial of service (crash) by performing a SYN scan using a tool such as nmap. | |||
| CVE-1999-0919 | 0.00 | — | 0.03 | May 10, 1998 | A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections. | |||
| CVE-1999-0816 | 0.00 | — | 0.03 | May 10, 1998 | The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024. |
- CVE-2020-21932Jul 21, 2021risk 0.00cvss —epss 0.01
A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to bypass login and obtain a partially authorized token and uid.
- CVE-2021-32089May 11, 2021risk 0.00cvss —epss 0.02
An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information disclosure and code…
- CVE-2021-3460Apr 13, 2021risk 0.00cvss —epss 0.01
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
- CVE-2020-10875Mar 23, 2020risk 0.00cvss —epss 0.02
Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demonstrated by PL/SQL Server Pages files such as /include/viewtagdb.psp.
- CVE-2020-10874Mar 23, 2020risk 0.00cvss —epss 0.01
Motorola FX9500 devices allow remote attackers to read database files.
- CVE-2019-16257Sep 12, 2019risk 0.00cvss —epss 0.02
Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message,…
- CVE-2019-13129Jul 1, 2019risk 0.00cvss —epss 0.01
On the Motorola router CX2L MWR04L 1.01, there is a stack consumption (infinite recursion) issue in scopd via TCP port 8010 and UDP port 8080. It is caused by snprintf and inappropriate length handling.
- CVE-2019-12297May 23, 2019risk 0.00cvss —epss 0.02
An issue was discovered in scopd on Motorola routers CX2 1.01 and M2 1.01. There is a Use of an Externally Controlled Format String, reachable via TCP port 8010 or UDP port 8080.
- CVE-2019-11322Apr 18, 2019risk 0.00cvss —epss 0.04
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function startRmtAssist in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
- CVE-2019-11321Apr 18, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Motorola CX2 1.01 and M2 1.01. The router opens TCP port 8010. Users can send hnap requests to this port without authentication to obtain information such as the MAC addresses of connected client devices.
- CVE-2019-11320Apr 18, 2019risk 0.00cvss —epss 0.02
In Motorola CX2 1.01 and M2 1.01, users can access the router's /priv_mgt.html web page to launch telnetd, as demonstrated by the 192.168.51.1 address.
- CVE-2019-11319Apr 18, 2019risk 0.00cvss —epss 0.04
An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a command injection in the function downloadFirmware in hnap, which leads to remote code execution via shell metacharacters in a JSON value.
- CVE-2018-20399Dec 23, 2018risk 0.00cvss —epss 0.03
Motorola SBG901 SBG901-2.10.1.1-GA-00-581-NOSH, SBG941 SBG941-2.11.0.0-GA-07-624-NOSH, and SVG1202 SVG1202-2.1.0.0-GA-14-LTSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
- CVE-2015-1496Feb 16, 2015risk 0.00cvss —epss 0.00
Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.
- CVE-2015-1495Feb 16, 2015risk 0.00cvss —epss 0.03
Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx.
- CVE-2013-5933Sep 25, 2013risk 0.00cvss —epss 0.00
Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the…
- CVE-2013-4777Sep 25, 2013risk 0.00cvss —epss 0.00
A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object.
- CVE-2013-3051Apr 13, 2013risk 0.00cvss —epss 0.00
The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region,…
- CVE-2008-2548Jun 4, 2008risk 0.00cvss —epss 0.06
Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption.
- CVE-2008-2002Apr 28, 2008risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola Surfboard with software SB5100-2.3.3.0-SCM00-NOSH allow remote attackers to (1) cause a denial of service (device reboot) via the "Restart Cable Modem" value in the BUTTON_INPUT parameter to configdata.html,…
- CVE-2007-5761Jan 9, 2008risk 0.00cvss —epss 0.00
The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 has weak permissions for the \\.\NantSys device interface (nantsys.sys), which allows local users to gain privileges or cause a denial of service (system crash), as demonstrated by modifying the…
- CVE-2007-5792Nov 1, 2007risk 0.00cvss —epss 0.01
The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP packets, which might allow remote attackers to eavesdrop by sniffing the network and reconstructing the RTP session.
- CVE-2007-0522Jan 26, 2007risk 0.00cvss —epss 0.01
The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.
- CVE-2006-1365Mar 23, 2006risk 0.00cvss —epss 0.01
The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the…
- CVE-2006-1366Mar 23, 2006risk 0.00cvss —epss 0.05
Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer (aka FTP) service on…
- CVE-2005-4215Dec 14, 2005risk 0.00cvss —epss 0.02
Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND).
- CVE-2002-1944Dec 31, 2002risk 0.00cvss —epss 0.02
Motorola Surfboard 4200 cable modem allows remote attackers to cause a denial of service (crash) by performing a SYN scan using a tool such as nmap.
- CVE-1999-0919May 10, 1998risk 0.00cvss —epss 0.03
A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.
- CVE-1999-0816May 10, 1998risk 0.00cvss —epss 0.03
The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.
Page 3 of 3