Skip to main content

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 29, 2018 - 18:29 nvd
HIGH 7.8

DescriptionNVD

Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016.

AnalysisAI

Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016. Affected products include: Qualcomm Ipq4019 Firmware, Qualcomm Ipq8064 Firmware, Qualcomm Ipq8074 Firmware, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9607 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2020-11117 CRITICAL POC
9.8 Sep 08

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arb

CVE-2024-21473 CRITICAL
9.8 Apr 01

Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)

CVE-2023-33083 CRITICAL
9.8 Dec 05

Memory corruption in WLAN Host while processing RRM beacon on the AP. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2023-33082 CRITICAL
9.8 Dec 05

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. Rated critical seve

CVE-2021-1976 CRITICAL
9.8 Sep 17

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snap

CVE-2021-1972 CRITICAL
9.8 Sep 08

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Com

CVE-2021-1965 CRITICAL POC
9.8 Jul 13

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdrago

CVE-2020-3657 CRITICAL
9.8 Nov 02

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from

CVE-2020-11172 CRITICAL
9.8 Nov 02

u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack

CVE-2022-22062 CRITICAL
9.1 Sep 02

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snap

CVE-2021-1980 CRITICAL
9.1 Oct 20

Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Co

CVE-2025-47339 HIGH
7.8 Jan 07

Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]

Share

CVE-2018-11871 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy