Skip to main content

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 20, 2018 - 13:29 nvd
HIGH 7.5

DescriptionNVD

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected.

AnalysisAI

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-338. In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected. Affected products include: Qualcomm Ipq8074 Firmware, Qualcomm Mdm9206 Firmware, Qualcomm Mdm9607 Firmware, Qualcomm Mdm9640 Firmware, Qualcomm Mdm9650 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-11117 CRITICAL POC
9.8 Sep 08

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arb

CVE-2024-21473 CRITICAL
9.8 Apr 01

Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)

CVE-2022-25748 CRITICAL
9.8 Oct 19

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. Rated critical severity (

CVE-2021-1976 CRITICAL
9.8 Sep 17

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snap

CVE-2021-1972 CRITICAL
9.8 Sep 08

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Com

CVE-2020-3657 CRITICAL
9.8 Nov 02

u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from

CVE-2020-11172 CRITICAL
9.8 Nov 02

u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack

CVE-2020-3675 CRITICAL
9.8 Sep 08

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute'

CVE-2020-3669 CRITICAL
9.8 Sep 08

u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Sna

CVE-2020-3668 CRITICAL
9.8 Sep 08

u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while par

CVE-2020-3667 CRITICAL
9.8 Sep 08

u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in

CVE-2020-3614 CRITICAL
9.8 Jun 22

Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdr

Share

CVE-2018-5837 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy