Phones Security Vulnerabilities
An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related...
2.8CVSS
6.6AI Score
0.0004EPSS
An improper export vulnerability was reported in the Motorola Enterprise MotoDpms Provider (com.motorola.server.enterprise.MotoDpmsProvider) that could allow a local attacker to read local...
2.8CVSS
6.4AI Score
0.0004EPSS
A hard-coded AES key vulnerability was reported in the Motorola GuideMe application, along with a lack of URI sanitation, could allow for a local attacker to read arbitrary...
6.3CVSS
6.6AI Score
0.0005EPSS
A PendingIntent hijacking vulnerability in Motorola Device Help (Genie) application that could allow local attackers to access files or interact with non-exported software components without...
5.1CVSS
6.6AI Score
0.0004EPSS
An implicit intent vulnerability was reported for Motorola’s Time Weather Widget application that could allow a local application to acquire the location of the device without...
5.5CVSS
6.6AI Score
0.0004EPSS
An implicit intent export vulnerability was reported in the Motorola Phone application, that could allow unauthorized access to a non-exported content...
4.4CVSS
6.7AI Score
0.0004EPSS
An improper absolute path traversal vulnerability was reported for the Ready For application allowing a local application access to files without...
6.5CVSS
6.6AI Score
0.0004EPSS
An improper export vulnerability was reported in the Motorola Phone Extension application, that could allow a local attacker to execute unauthorized...
4.4CVSS
6.8AI Score
0.0004EPSS
A an improper export vulnerability was reported in the Motorola Setup application that could allow a local attacker to read sensitive user...
5CVSS
6.3AI Score
0.0004EPSS
An improper export vulnerability was reported in the Motorola Interface Test Tool application that could allow a malicious local application to execute OS...
4.8CVSS
6.8AI Score
0.0004EPSS
An implicit intent vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read the calling phone number and calling...
2.8CVSS
6.4AI Score
0.0004EPSS
A path traversal vulnerability was reported in the Motorola Ready For application that could allow a local attacker to access local...
2.8CVSS
6.5AI Score
0.0004EPSS
An improper use of the SD card for sensitive data vulnerability was reported in the Motorola Device Help application that could allow a local attacker to read system...
5CVSS
6.5AI Score
0.0004EPSS
A PendingIntent hijacking vulnerability was reported in the Motorola Face Unlock application that could allow a local attacker to access unauthorized content...
6.1CVSS
6.5AI Score
0.0004EPSS
An implicit intent vulnerability was reported in the Motorola Ready For application that could allow a local attacker to read information about connected Bluetooth audio...
5CVSS
6.1AI Score
0.0004EPSS
An improper export vulnerability was reported in the Motorola Services Main application that could allow a local attacker to write to a local...
5CVSS
6.5AI Score
0.0004EPSS
An improper export vulnerability was reported in the Motorola Phone Calls application that could allow a local attacker to read unauthorized...
2.8CVSS
6.4AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
7.5CVSS
6.9AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management...
7.5CVSS
7AI Score
0.0004EPSS
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability...
5.9CVSS
7AI Score
0.0004EPSS
An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen...
5.1CVSS
5.1AI Score
0.0004EPSS
An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without...
5CVSS
4.9AI Score
0.0004EPSS
A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation....
5.5CVSS
5AI Score
0.0005EPSS
There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the...
4.7CVSS
4.2AI Score
0.0004EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected.....
6.5CVSS
6.6AI Score
0.001EPSS
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the...
6.1CVSS
6AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the...
6.1CVSS
6.3AI Score
0.001EPSS
A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An...
9.8CVSS
9.6AI Score
0.003EPSS
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...
9.8CVSS
9.6AI Score
0.003EPSS
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this...
9.8CVSS
7.9AI Score
0.002EPSS
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit....
8.6CVSS
6.6AI Score
0.001EPSS
The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID...
7AI Score
0.0004EPSS
Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID...
7.1AI Score
0.007EPSS
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID...
6.8AI Score
0.002EPSS
Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory...
5.5CVSS
5.4AI Score
0.0004EPSS
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could...
7.4CVSS
7.2AI Score
0.002EPSS
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug...
5.5CVSS
5.2AI Score
0.0004EPSS
A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate...
7.5CVSS
7.5AI Score
0.002EPSS
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...
6.6CVSS
6.7AI Score
0.0004EPSS
A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is....
7.5CVSS
7.5AI Score
0.002EPSS
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The...
7.4CVSS
7.5AI Score
0.002EPSS
A vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
6.1CVSS
5.9AI Score
0.001EPSS
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS)...
7.5CVSS
7.6AI Score
0.002EPSS
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by...
8.8CVSS
8.8AI Score
0.002EPSS
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The...
7.5CVSS
7.6AI Score
0.002EPSS
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the...
7.5CVSS
7.5AI Score
0.002EPSS
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and...
6.4CVSS
6.6AI Score
0.001EPSS
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and...
6.4CVSS
6.6AI Score
0.001EPSS
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a...
7.8CVSS
6.3AI Score
0.001EPSS
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails.....
7.5CVSS
7.8AI Score
0.015EPSS