CVE-2026-5804

Summary

An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third party apps running on the device to open a TCP server, exposing sensitive permissions and data. This could allow a local attacker to bypass permission checks and access protected device settings.

Affected Software

VendorProductVersion RangeStatus
MotorolaPhones0 < 2026-04-05affected

Weaknesses

  • CWE‑306: Missing Authentication for Critical Function
  • CWE‑285: Improper Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References