Motorola: Security Vulnerabilities
Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-02-16
Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx.
CVSS Score
6.8
EPSS Score
0.038
Published
2015-02-16
A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object.
CVSS Score
6.9
EPSS Score
0.0
Published
2013-09-25
Stack-based buffer overflow in the sub_E110 function in init in a certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless allows local users to gain privileges or cause a denial of service (memory corruption) by writing a long string to the /dev/socket/init_runit socket that is inconsistent with a certain length value that was previously written to this socket.
CVSS Score
6.9
EPSS Score
0.001
Published
2013-09-25
The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596.
CVSS Score
6.2
EPSS Score
0.0
Published
2013-04-13
CVE-2013-2596
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Known exploited
CVSS Score
7.8
EPSS Score
0.02
Published
2013-04-13
Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.
CVSS Score
5.0
EPSS Score
0.029
Published
2010-06-16
Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.
CVSS Score
9.3
EPSS Score
0.49
Published
2009-06-26
Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter.
CVSS Score
6.8
EPSS Score
0.027
Published
2009-02-03
Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.
CVSS Score
3.5
EPSS Score
0.003
Published
2009-02-03