CVE-2024-38426

MEDIUM

2025-03-03 [email protected]

5.4

CVSS 3.1

Share

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Lifecycle Timeline

2

Analysis Generated

Mar 28, 2026 - 18:29 vuln.today

CVE Published

Mar 03, 2025 - 11:15 nvd

MEDIUM 5.4

Tags

Information Disclosure Authentication Bypass 315 5g Iot Firmware 9205 Lte Firmware Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Csrb31024 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Mdm9205S Firmware Mdm9628 Firmware Mdm9640 Firmware Msm8996au Firmware Qca4004 Firmware Qca6174a Firmware Qca6310 Firmware Qca6320 Firmware Qca6391 Firmware Qca6564a Firmware Qca6564au Firmware Qca6574a Firmware Qca6574au Firmware Qca6584 Firmware Qca6584au Firmware Qca6595au Firmware Qca6696 Firmware Qca6698aq Firmware Qca8081 Firmware Qca8337 Firmware Qca9367 Firmware Qca9377 Firmware Qcc710 Firmware Qcc711 Firmware Qcm2150 Firmware Qcm2290 Firmware Qcm4290 Firmware Qcm4325 Firmware Qcm4490 Firmware Qcm6125 Firmware Qcn6024 Firmware Qcn6224 Firmware Qcn6274 Firmware Qcn9024 Firmware Qcs2290 Firmware Qcs410 Firmware Qcs4290 Firmware Qcs4490 Firmware Qcs610 Firmware Qcs6125 Firmware Qep8111 Firmware Qfw7114 Firmware Qfw7124 Firmware Qts110 Firmware 205 Firmware 215 Firmware Video Collaboration Vc1 Platform Firmware Video Collaboration Vc3 Platform Firmware Robotics Rb2 Firmware Sd 675 Firmware Sd 8 Gen1 5g Firmware Sd675 Firmware Sd730 Firmware Sd835 Firmware Sdm429w Firmware Sdx55 Firmware Sdx57m Firmware Sdx61 Firmware Sdx71m Firmware Sdx80m Firmware Sg4150p Firmware Sm6650 Firmware Sm7250p Firmware Sm7635 Firmware Sm7675 Firmware Sm7675p Firmware Sm8635 Firmware Sm8635p Firmware Sm8650q Firmware Wsa8835 Firmware Wsa8840 Firmware Wsa8845 Firmware Wsa8845h Firmware Smart Audio 400 Firmware Snapdragon 210 Firmware Snapdragon 212 Firmware Snapdragon 4 Gen 1 Firmware Snapdragon 429 Firmware Snapdragon 439 Firmware Snapdragon 460 Firmware Snapdragon 480 5G Firmware Snapdragon 662 Firmware Snapdragon 665 Firmware Snapdragon 675 Firmware Snapdragon 678 Firmware Snapdragon 680 4G Firmware Snapdragon 685 4G Firmware Snapdragon 690 5G Firmware Snapdragon 695 5G Firmware Snapdragon 730 Firmware Snapdragon 730G Firmware Snapdragon 732G Firmware Snapdragon 765 5G Firmware Snapdragon 765G 5G Firmware Snapdragon 768G 5G Firmware Snapdragon 8 Gen 1 Firmware Snapdragon 8 Gen 3 Firmware Snapdragon 835 Mobile Pc Firmware Snapdragon 865 5G Firmware Snapdragon 8657 5G Firmware Snapdragon 870 5G Firmware Snapdragon Auto 5g Rf Firmware Snapdragon Auto 5g Rf Gen 2 Firmware Snapdragon W5 Gen 1 Firmware Snapdragon Wear 1300 Firmware Snapdragon Wear 4100 Firmware Snapdragon X12 Lte Firmware Snapdragon X35 5g Rf Firmware Snapdragon X5 Lte Firmware Snapdragon X55 5g Rf Firmware Snapdragon X62 5g Rf Firmware Snapdragon X65 5g Rf Firmware Snapdragon X70 Rf Firmware Snapdragon X72 5g Rf Firmware Snapdragon X75 5g Rf Firmware Snapdragon Auto 4g Firmware Sw5100 Firmware Sw5100p Firmware Wcd9306 Firmware Wcd9326 Firmware Wcd9330 Firmware Wcd9335 Firmware Wcd9340 Firmware Wcd9341 Firmware Wcd9370 Firmware Wcd9371 Firmware Wcd9375 Firmware Wcd9378 Firmware Wcd9380 Firmware Wcd9385 Firmware Wcd9390 Firmware Wcd9395 Firmware Wcn3610 Firmware Wcn3615 Firmware Wcn3620 Firmware Wcn3660b Firmware Wcn3680 Firmware Wcn3680b Firmware Wcn3910 Firmware Wcn3950 Firmware Wcn3980 Firmware Wcn3988 Firmware Wcn3990 Firmware Wcn6450 Firmware Wcn6650 Firmware Wcn6755 Firmware Wcn7861 Firmware Wcn7881 Firmware Wsa8810 Firmware Wsa8815 Firmware Wsa8830 Firmware Wsa8832 Firmware

Description

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Analysis

While processing the authentication message in UE, improper authentication may lead to information disclosure. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical Context

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. While processing the authentication message in UE, improper authentication may lead to information disclosure. Affected products include: Qualcomm 315 5G Iot Firmware, Qualcomm 9205 Lte Firmware, Qualcomm Ar8035 Firmware, Qualcomm Csra6620 Firmware, Qualcomm Csra6640 Firmware.

Affected Products

Qualcomm 315 5G Iot Firmware, Qualcomm 9205 Lte Firmware, Qualcomm Ar8035 Firmware, Qualcomm Csra6620 Firmware, Qualcomm Csra6640 Firmware.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

Priority Score

27

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +27

POC: 0

Share

CVE-2024-38426 vulnerability details – vuln.today

Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy