CVE-2022-3917: Improper access control vulnerability in Motorola e20 bootloader
Improper access control of a bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 that allows an attacker with local access to read partition or RAM data.
Motorola Security Advisory: MML-2022-44981
Potential Impact: Information Disclosure
Severity: Medium
CVSS 3.1 Base Score: 4.6
CVSS 3.1 Temporal Score: 4.3
CVSS 3.1 Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:U/RC:C
Scope of Impact: Limited to a single Motorola product
CVE Identifier: CVE-2022-3917
Summary Description:
A vulnerability was reported for the Motorola e20 phone that could allow an attacker with local physical access to fetch RAM or partition data from the device. With physical access, and with the device connected to a host PC under their control, an attacker could read arbitrary RAM data that is still resident after a reboot.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update your Moto e20 to the latest software version. Software versions with a SPL of 2022-08-05 or later include a fix for this vulnerability.
As a security best practice, keep Developer Mode disabled. If you do need Developer Mode enabled, disable it before USB-connecting an unknown or uncontrolled host.
Do not hand your phone over to someone you do not trust.
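For administrators of more than one device, the two checks above (SPL of 2022-08-05 or later, Developer Mode off) can be run over a device inventory. The script below is an added example, not Motorola's code; the CSV layout `serial,model,spl,developer_mode`, the verdict labels and the sample rows are assumptions constructed for illustration.

```shell
# Added example: flags Moto e20 devices that miss the advisory's mitigations.
FIXED_SPL="2022-08-05"   # security patch level named in the advisory

# spl_status SPL -> prints fixed | vulnerable | unknown
spl_status() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;   # never treat an unparseable SPL as patched
    esac
    # ISO dates compare correctly as integers once the dashes are removed
    have=$(printf '%s' "$1" | tr -cd '0-9')
    need=$(printf '%s' "$FIXED_SPL" | tr -cd '0-9')
    if [ "$have" -ge "$need" ]; then echo fixed; else echo vulnerable; fi
}

# audit_inventory: reads "serial,model,spl,developer_mode" rows on stdin
# (hypothetical export format) and prints "serial verdict" for each Moto e20.
audit_inventory() {
    while IFS=, read -r serial model spl devmode; do
        case "$model" in
            [Mm]oto\ e20|[Mm]otorola\ e20) ;;
            *) continue ;;               # advisory scope: a single product
        esac
        case "$(spl_status "$spl")" in
            vulnerable) echo "$serial UPDATE_REQUIRED" ;;
            unknown)    echo "$serial SPL_UNKNOWN" ;;
            fixed)
                if [ "$devmode" = "1" ]; then
                    echo "$serial PATCHED_DEVMODE_ON"
                else
                    echo "$serial OK"
                fi ;;
        esac
    done
}

# Constructed sample inventory (serials and rows are made up for illustration).
sample_inventory() {
    cat <<'EOF'
ZY000001,moto e20,2022-06-05,0
ZY000002,moto e20,2022-08-05,1
ZY000003,moto e20,2022-10-01,0
ZY000004,moto g31,2022-01-05,1
ZY000005,moto e20,unknown,0
EOF
}

sample_inventory | audit_inventory
```

A device whose SPL cannot be parsed is reported as SPL_UNKNOWN rather than assumed patched, so it still gets a manual look.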
Acknowledgement:
Motorola thanks David Lodge from Pen Test Partners for reporting this issue.
Product Impact:
Motorola e20