RSS   Vulnerabilities for 'V600'   RSS

2006-03-23
 
CVE-2006-1367

CWE-200
 

 
The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one.

 
 
CVE-2006-1365

CWE-Other
 

 
The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain AT level access to the target device, by initiating and interrupting an OBEX Push Profile that pretends to send a vCard, aka a "HeloMoto" attack.

 

 >>> Vendor: Motorola 32 Products
Motorola cablerouter
Surfboard
Wr850g
Motorola cable modem
E398
Pebl u6
V600
Motorazr
Timbuktu
Netoctopus
RAZR
Cpei300
Timbuktu pro
Surfboard sbv6120e
Atrix hd
Razr hd
Razr m
Android
Defy xt
Motorola scanner sdk
Moscad ip gateway firmware
Mx011anm firmware
Mbp853 firmware
Sbg901 firmware
Sbg941 firmware
Svg1202 firmware
C1 firmware
M2 firmware
Cx2 firmware
Cx2l mwr04l firmware
C1 mwr03 firmware
Motorola firmware


Copyright 2019, cxsecurity.com

 

Back to Top