Motorola
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Motorola product.
RSS Feeds for Motorola security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Motorola products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Motorola Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Motorola. Motorola did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 7 | 6.50 |
| 2023 | 5 | 7.90 |
| 2022 | 2 | 8.15 |
It may take a day or so for new Motorola vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Motorola Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2022-4003 | Jul 31, 2024 |
Authenticated API-mediated DoS triggers internal service restartA denial-of-service vulnerability could allow an authenticated user to trigger an internal service restart via a specially crafted API request. |
Q14 Firmware
|
| CVE-2022-4002 | Jul 31, 2024 |
Command Injection via Authenticated API Allows Root ExecA command injection vulnerability could allow an authenticated user to execute operating system commands as root via a specially crafted API request. |
Q14 Firmware
|
| CVE-2024-38281 | Jun 13, 2024 |
Hard-coded credentials expose maintenance console via hidden Wi-FiAn attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. |
Vigilant Fixed Lpr Coms Box Firmware
|
| CVE-2024-38279 | Jun 13, 2024 |
Bootloader Arg Injection in UBoot Enables Auth Bypass & Hash TheftThe affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. |
Vigilant Fixed Lpr Coms Box Firmware
|
| CVE-2024-38280 | Jun 13, 2024 |
Cleartext Credential Storage Vulnerable to Physical Disk TheftAn unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. |
Vigilant Fixed Lpr Coms Box Firmware
|
| CVE-2024-25360 | Feb 12, 2024 |
Motorola CX2L Router v1.0.1 SystemWizardStatus Info Leak via Hidden InterfaceA hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip. |
Cx2l Firmware
|
| CVE-2024-23629 | Jan 26, 2024 |
Auth Bypass in Motorola MR2600 Web InterfaceAn authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information. |
Mr2600 Firmware
|
| CVE-2022-3407 | Sep 01, 2023 |
Android USB Tethering Modem Reset on Call - CVE-2022-3407I some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device's modem may reset and cause the phone call to not succeed. This may block the user from dialing emergency services. This patch resolves the device's modem reset issue. |
Smartphone Firmware
|
| CVE-2023-31531 | May 11, 2023 |
Motorola CX2L Router 1.0.1 Command Injection via tomography_ping_numberMotorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. |
Cx2l Firmware
|
| CVE-2023-31530 | May 11, 2023 |
Motorola CX2L Router 1.0.1 Command Injection via smartqos_priority_devicesMotorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. |
Cx2l Firmware
|
| CVE-2023-31529 | May 11, 2023 |
Command Injection via system_time_timezone in CX2L Router 1.0.1Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. |
Cx2l Firmware
|
| CVE-2023-31528 | May 11, 2023 |
Motorola CX2L Router 1.0.1 Command Injection via staticroute_listMotorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. |
Cx2l Firmware
|
| CVE-2022-30271 | Jul 26, 2022 |
Motorola ACE1000 RTU Hardcoded SSH Private Key Default CredentialThe Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH private key and initialization scripts (such as /etc/init.d/sshd_service) only generate a new key if no private-key file exists. Thus, this hardcoded key is likely to be used by default. |
Ace1000 Firmware
|
| CVE-2021-3898 | Apr 22, 2022 |
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificateVersions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. |
Device Help
Ready For
|
| CVE-2013-2596 | Apr 13, 2013 |
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other productsInteger overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. |
Android
|