CVE-2026-5804
Improper Authentication in Motorola Factory Test Component
Publication date: 2026-05-19
Last updated on: 2026-05-19
Assigner: Lenovo Group Ltd.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| motorola | factory_test | * |
| motorola | factory_test | to 2026-04-05 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate the improper authentication vulnerability in the Motorola Factory Test component (com.motorola.motocit), update your device to the latest security patch level, specifically a version with security patches applied after 2026-04-05.
Applying the vendor-provided security updates will address the writable file descriptor issue in external storage that allows local attackers to bypass permission checks.
Can you explain this vulnerability to me?
This vulnerability is an improper authentication issue found in the Motorola Factory Test component (com.motorola.motocit). The application references a writable file descriptor in external storage that third-party apps on the device can exploit to open a TCP server. This flaw allows a local attacker to bypass permission checks and gain access to protected device settings.
How can this vulnerability impact me?
The vulnerability can allow a local attacker to bypass permission checks on the device, potentially exposing sensitive permissions and data. This means unauthorized apps could access and manipulate protected device settings, which could compromise device security and user privacy.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows a local attacker to bypass permission checks and access protected device settings by exploiting improper authentication in the Motorola Factory Test component. Such unauthorized access to sensitive permissions and data could lead to violations of data protection and privacy requirements outlined in standards like GDPR and HIPAA, which mandate strict controls over access to personal and sensitive information.
By exposing sensitive device settings and data to unauthorized applications, the vulnerability increases the risk of data breaches and unauthorized data processing, potentially resulting in non-compliance with regulations that require safeguarding personal data and ensuring proper authorization mechanisms.