Vulnerability identifier: #VU93533
Vulnerability risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-126
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
AR8035
Mobile applications /
Mobile firmware & hardware
FastConnect 7800
Mobile applications /
Mobile firmware & hardware
QAM8255P
Mobile applications /
Mobile firmware & hardware
QAM8620P
Mobile applications /
Mobile firmware & hardware
QAM8650P
Mobile applications /
Mobile firmware & hardware
QAM8775P
Mobile applications /
Mobile firmware & hardware
QAMSRV1H
Mobile applications /
Mobile firmware & hardware
QAMSRV1M
Mobile applications /
Mobile firmware & hardware
QCA6554A
Mobile applications /
Mobile firmware & hardware
QCA6564AU
Mobile applications /
Mobile firmware & hardware
QCA6574
Mobile applications /
Mobile firmware & hardware
QCA6574A
Mobile applications /
Mobile firmware & hardware
QCA6584AU
Mobile applications /
Mobile firmware & hardware
QCA6595
Mobile applications /
Mobile firmware & hardware
QCA6595AU
Mobile applications /
Mobile firmware & hardware
QCA6678AQ
Mobile applications /
Mobile firmware & hardware
QCA6696
Mobile applications /
Mobile firmware & hardware
QCA6698AQ
Mobile applications /
Mobile firmware & hardware
QCA8081
Mobile applications /
Mobile firmware & hardware
QCA8337
Mobile applications /
Mobile firmware & hardware
QCC2073
Mobile applications /
Mobile firmware & hardware
QCC2076
Mobile applications /
Mobile firmware & hardware
QCC710
Mobile applications /
Mobile firmware & hardware
QCN6224
Mobile applications /
Mobile firmware & hardware
QCN6274
Mobile applications /
Mobile firmware & hardware
QFW7114
Mobile applications /
Mobile firmware & hardware
QFW7124
Mobile applications /
Mobile firmware & hardware
SA7255P
Mobile applications /
Mobile firmware & hardware
SA7775P
Mobile applications /
Mobile firmware & hardware
SA8255P
Mobile applications /
Mobile firmware & hardware
SA8650P
Mobile applications /
Mobile firmware & hardware
SA8770P
Mobile applications /
Mobile firmware & hardware
SA8775P
Mobile applications /
Mobile firmware & hardware
Snapdragon Auto 5G Modem-RF Gen 2
Mobile applications /
Mobile firmware & hardware
Snapdragon X72 5G Modem-RF System
Mobile applications /
Mobile firmware & hardware
Snapdragon X75 5G Modem-RF System
Mobile applications /
Mobile firmware & hardware
SRV1H
Mobile applications /
Mobile firmware & hardware
SRV1L
Mobile applications /
Mobile firmware & hardware
SRV1M
Mobile applications /
Mobile firmware & hardware
WCD9340
Mobile applications /
Mobile firmware & hardware
QCA6574AU
Hardware solutions /
Firmware
SA8620P
Hardware solutions /
Firmware
SA9000P
Hardware solutions /
Firmware
Vendor: Qualcomm
Description
The vulnerability allows a remote attacker to read memory contents or crash the system.
The vulnerability exists due to improper input validation in WLAN HOST. A remote attacker can read memory contents or crash the system.
Mitigation
Install security update from vendor's website.
Vulnerable software versions
AR8035: All versions
FastConnect 7800: All versions
QAM8255P: All versions
QAM8620P: All versions
QAM8650P: All versions
QAM8775P: All versions
QAMSRV1H: All versions
QAMSRV1M: All versions
QCA6554A: All versions
QCA6564AU: All versions
QCA6574: All versions
QCA6574A: All versions
QCA6574AU: All versions
QCA6584AU: All versions
QCA6595: All versions
QCA6595AU: All versions
QCA6678AQ: All versions
QCA6696: All versions
QCA6698AQ: All versions
QCA8081: All versions
QCA8337: All versions
QCC2073: All versions
QCC2076: All versions
QCC710: All versions
QCN6224: All versions
QCN6274: All versions
QFW7114: All versions
QFW7124: All versions
SA7255P: All versions
SA7775P: All versions
SA8255P: All versions
SA8620P: All versions
SA8650P: All versions
SA8770P: All versions
SA8775P: All versions
SA9000P: All versions
Snapdragon Auto 5G Modem-RF Gen 2: All versions
Snapdragon X72 5G Modem-RF System: All versions
Snapdragon X75 5G Modem-RF System: All versions
SRV1H: All versions
SRV1L: All versions
SRV1M: All versions
WCD9340: All versions
External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.