Sm7250p Firmware
CVE-2024-38426
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
While processing the authentication message in UE, improper authentication may lead to information disclosure.
AnalysisAI
While processing the authentication message in UE, improper authentication may lead to information disclosure. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. While processing the authentication message in UE, improper authentication may lead to information disclosure. Affected products include: Qualcomm 315 5G Iot Firmware, Qualcomm 9205 Lte Firmware, Qualcomm Ar8035 Firmware, Qualcomm Csra6620 Firmware, Qualcomm Csra6640 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Sm7250p Firmware
View allCVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL
CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi
CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o
Memory corruption while reading the FW response from the shared queue. Rated high severity (CVSS 7.8), this vulnerabilit
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential f
Memory corruption during the FRS UDS generation process. Rated high severity (CVSS 7.8), this vulnerability is low attac
Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this v
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high se
Memory corruption while reading secure file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity
Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. Rated high se
Memory corruption may occur while validating ports and channels in Audio driver. Rated high severity (CVSS 7.8), this vu
Memory corruption while calling the NPU driver APIs concurrently. Rated high severity (CVSS 7.8), this vulnerability is
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today