Qca6174 Firmware
CVE-2019-10617
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registry in QCA6174_9377.WIN.1.0 in QCA6174_9377
AnalysisAI
Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registry in QCA6174_9377.WIN.1.0 in QCA6174_9377. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
Low privilege users can access service configuration which contains registry data that admins uses to create or delete entries in the registry in QCA6174_9377.WIN.1.0 in QCA6174_9377 Affected products include: Qualcomm Qca6174 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Qca6174 Firmware
View allMemory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulner
Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. Rated critical severity (
Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute
Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Sna
Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdra
A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snap
Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Com
Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Sn
Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdr
Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto
An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snap
Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapd
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today