Vulnerability identifier: #VU93536

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-21466

CWE-ID: CWE-191

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FastConnect 7800
Mobile applications / Mobile firmware & hardware
Immersive Home 3210 Platform
Mobile applications / Mobile firmware & hardware
Immersive Home 326 Platform
Mobile applications / Mobile firmware & hardware
IPQ5300
Mobile applications / Mobile firmware & hardware
IPQ5302
Mobile applications / Mobile firmware & hardware
IPQ5312
Mobile applications / Mobile firmware & hardware
IPQ5332
Mobile applications / Mobile firmware & hardware
IPQ9008
Mobile applications / Mobile firmware & hardware
IPQ9554
Mobile applications / Mobile firmware & hardware
IPQ9570
Mobile applications / Mobile firmware & hardware
IPQ9574
Mobile applications / Mobile firmware & hardware
QAM8255P
Mobile applications / Mobile firmware & hardware
QAM8620P
Mobile applications / Mobile firmware & hardware
QAM8650P
Mobile applications / Mobile firmware & hardware
QAM8775P
Mobile applications / Mobile firmware & hardware
QAMSRV1H
Mobile applications / Mobile firmware & hardware
QAMSRV1M
Mobile applications / Mobile firmware & hardware
QCA0000
Mobile applications / Mobile firmware & hardware
QCA6554A
Mobile applications / Mobile firmware & hardware
QCA6564AU
Mobile applications / Mobile firmware & hardware
QCA6574
Mobile applications / Mobile firmware & hardware
QCA6574A
Mobile applications / Mobile firmware & hardware
QCA6584AU
Mobile applications / Mobile firmware & hardware
QCA6595
Mobile applications / Mobile firmware & hardware
QCA6595AU
Mobile applications / Mobile firmware & hardware
QCA6678AQ
Mobile applications / Mobile firmware & hardware
QCA6696
Mobile applications / Mobile firmware & hardware
QCA6698AQ
Mobile applications / Mobile firmware & hardware
QCA8075
Mobile applications / Mobile firmware & hardware
QCA8081
Mobile applications / Mobile firmware & hardware
QCA8082
Mobile applications / Mobile firmware & hardware
QCA8084
Mobile applications / Mobile firmware & hardware
QCA8085
Mobile applications / Mobile firmware & hardware
QCA8386
Mobile applications / Mobile firmware & hardware
QCC2073
Mobile applications / Mobile firmware & hardware
QCC2076
Mobile applications / Mobile firmware & hardware
QCF8000
Mobile applications / Mobile firmware & hardware
QCF8001
Mobile applications / Mobile firmware & hardware
QCN5124
Mobile applications / Mobile firmware & hardware
QCN6402
Mobile applications / Mobile firmware & hardware
QCN6412
Mobile applications / Mobile firmware & hardware
QCN6422
Mobile applications / Mobile firmware & hardware
QCN6432
Mobile applications / Mobile firmware & hardware
QCN9000
Mobile applications / Mobile firmware & hardware
QCN9074
Mobile applications / Mobile firmware & hardware
QCN9274
Mobile applications / Mobile firmware & hardware
SA7255P
Mobile applications / Mobile firmware & hardware
SA7775P
Mobile applications / Mobile firmware & hardware
SA8255P
Mobile applications / Mobile firmware & hardware
SA8650P
Mobile applications / Mobile firmware & hardware
SA8770P
Mobile applications / Mobile firmware & hardware
SA8775P
Mobile applications / Mobile firmware & hardware
SRV1H
Mobile applications / Mobile firmware & hardware
SRV1L
Mobile applications / Mobile firmware & hardware
SRV1M
Mobile applications / Mobile firmware & hardware
SW5100
Mobile applications / Mobile firmware & hardware
SW5100P
Mobile applications / Mobile firmware & hardware
WCN3980
Mobile applications / Mobile firmware & hardware
WCN3988
Mobile applications / Mobile firmware & hardware
WSA8830
Mobile applications / Mobile firmware & hardware
WSA8835
Mobile applications / Mobile firmware & hardware
QCA6574AU
Hardware solutions / Firmware
SA8620P
Hardware solutions / Firmware
SA9000P
Hardware solutions / Firmware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to read memory contents or crash the system.

The vulnerability exists due to improper input validation in WLAN Host Communication. A remote attacker can read memory contents or crash the system.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

FastConnect 7800: All versions

Immersive Home 3210 Platform: All versions

Immersive Home 326 Platform: All versions

IPQ5300: All versions

IPQ5302: All versions

IPQ5312: All versions

IPQ5332: All versions

IPQ9008: All versions

IPQ9554: All versions

IPQ9570: All versions

IPQ9574: All versions

QAM8255P: All versions

QAM8620P: All versions

QAM8650P: All versions

QAM8775P: All versions

QAMSRV1H: All versions

QAMSRV1M: All versions

QCA0000: All versions

QCA6554A: All versions

QCA6564AU: All versions

QCA6574: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6678AQ: All versions

QCA6696: All versions

QCA6698AQ: All versions

QCA8075: All versions

QCA8081: All versions

QCA8082: All versions

QCA8084: All versions

QCA8085: All versions

QCA8386: All versions

QCC2073: All versions

QCC2076: All versions

QCF8000: All versions

QCF8001: All versions

QCN5124: All versions

QCN6402: All versions

QCN6412: All versions

QCN6422: All versions

QCN6432: All versions

QCN9000: All versions

QCN9074: All versions

QCN9274: All versions

SA7255P: All versions

SA7775P: All versions

SA8255P: All versions

SA8620P: All versions

SA8650P: All versions

SA8770P: All versions

SA8775P: All versions

SA9000P: All versions

SRV1H: All versions

SRV1L: All versions

SRV1M: All versions

SW5100: All versions

SW5100P: All versions

WCN3980: All versions

WCN3988: All versions

WSA8830: All versions

WSA8835: All versions

---

External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/july-2024-bulletin.html

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.