Csr8811 Firmware
CVE-2022-25652
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking
AnalysisAI
Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking Affected products include: Qualcomm Csr8811 Firmware, Qualcomm Ipq5010 Firmware, Qualcomm Ipq5018 Firmware, Qualcomm Ipq5028 Firmware, Qualcomm Ipq6000 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Csr8811 Firmware
View allMemory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)
Memory corruption while redirecting log file to any file location with any file name. Rated critical severity (CVSS 9.8)
Memory corruption in WLAN Host while processing RRM beacon on the AP. Rated critical severity (CVSS 9.8), this vulnerabi
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE. Rated critical seve
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. Rated critical severity
Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vuln
Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. Rated critical severity (
A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snap
Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Com
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdrago
Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. Rated critical severity (CVSS 9.3
Memory corruption in HLOS while running playready use-case. Rated critical severity (CVSS 9.3), this vulnerability is no
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today