CVE-2020-36982

HIGH

Motorola Device Manager 2.5.4 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-36982. PoCs published by Angel Canseco.

AI-analyzed exploit summary This is a technical writeup detailing an unquoted service path vulnerability in Motorola Device Manager 2.5.4. The vulnerability allows local privilege escalation by exploiting the service path to execute arbitrary code with elevated privileges upon system reboot.

Description

Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with elevated system privileges during service startup.

Exploits (1)

exploitdb WRITEUP
by Angel Canseco · textlocalwindows
https://www.exploit-db.com/exploits/49012

This is a technical writeup detailing an unquoted service path vulnerability in Motorola Device Manager 2.5.4. The vulnerability allows local privilege escalation by exploiting the service path to execute arbitrary code with elevated privileges upon system reboot.

Classification
Writeup 90%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Motorola Device Manager 2.5.4
Auth required
Prerequisites: Local access to the system · Ability to write to the system root path
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0016
EPSS Percentile 5.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-428
Status published
Products (1)
Motorola-Device-Manager/Motorola Device Manager 2.5.4
Published Jan 27, 2026
Tracked Since Feb 18, 2026