{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/factory-test-component-com.motorola.motocit/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.4,"id":"CVE-2026-5804"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Factory Test component (com.motorola.motocit)"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","android","cve-2026-5804"],"_cs_type":"advisory","_cs_vendors":["Motorola","Lenovo"],"content_html":"\u003cp\u003eCVE-2026-5804 describes an improper authentication vulnerability in the Motorola Factory Test component (com.motorola.motocit), which is a component present on Motorola (now Lenovo) Android devices. The vulnerability stems from the application containing a reference to a writable file descriptor in external storage. This flaw allows a malicious third-party application, running on the same device, to exploit this file descriptor to open a TCP server. This could expose sensitive permissions and data, enabling a local attacker to bypass permission checks and ultimately access protected device settings. This vulnerability poses a significant risk to device security and user privacy.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker installs a malicious application on the Android device.\u003c/li\u003e\n\u003cli\u003eThe malicious application identifies the writable file descriptor associated with the Motorola Factory Test component in external storage.\u003c/li\u003e\n\u003cli\u003eThe malicious application leverages the writable file descriptor to open a TCP server.\u003c/li\u003e\n\u003cli\u003eThe TCP server allows the malicious application to intercept communications intended for the Motorola Factory Test component.\u003c/li\u003e\n\u003cli\u003eThe malicious application bypasses authentication checks due to the exposed permissions.\u003c/li\u003e\n\u003cli\u003eThe malicious application gains unauthorized access to protected device settings.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies sensitive device configurations, potentially compromising device security and user data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5804 allows a local attacker to bypass permission checks and access protected device settings on affected Motorola devices. This could lead to unauthorized modification of device configurations, exposure of sensitive data, and overall compromise of device security. The vulnerability has a CVSS v3.1 base score of 8.4, indicating a high severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the security update provided by Lenovo as described in the Motorola support article to patch CVE-2026-5804 (\u003ca href=\"https://en-us.support.motorola.com/app/answers/detail/a_id/192534)\"\u003ehttps://en-us.support.motorola.com/app/answers/detail/a_id/192534)\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect applications attempting to access the Motorola Factory Test component via TCP connections.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-19T16:19:14Z","date_published":"2026-05-19T16:19:14Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-5804-motorola-factory-test-improper-auth/","summary":"The Motorola Factory Test component (com.motorola.motocit) contains an improper authentication vulnerability, allowing a local attacker to bypass permission checks and access protected device settings by leveraging a writable file descriptor in external storage to open a TCP server.","title":"CVE-2026-5804 - Motorola Factory Test Improper Authentication Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-5804-motorola-factory-test-improper-auth/"}],"language":"en","title":"CraftedSignal Threat Feed — Factory Test Component (Com.motorola.motocit)","version":"https://jsonfeed.org/version/1.1"}