Skip to main content

Sm7250p Firmware CVE-2024-38426

MEDIUM
Improper Authentication (CWE-287)
2025-03-03 product-security@qualcomm.com
Sm7250p Firmware Qcs6125 Firmware Qcs610 Firmware Sdx55 Firmware Sdx80m Firmware Snapdragon X35 5g Rf Firmware Snapdragon 765G 5G Firmware Snapdragon 730 Firmware Snapdragon 685 4G Firmware Snapdragon 429 Firmware Snapdragon 460 Firmware Qca6320 Firmware Snapdragon X72 5g Rf Firmware Snapdragon 662 Firmware Snapdragon 765 5G Firmware Snapdragon Auto 4g Firmware Snapdragon X12 Lte Firmware Snapdragon 730G Firmware Mdm9205S Firmware 315 5g Iot Firmware Qcm2150 Firmware Snapdragon X62 5g Rf Firmware Wcn3610 Firmware Qca6310 Firmware Snapdragon 870 5G Firmware Snapdragon 695 5G Firmware Sd675 Firmware Qcm4290 Firmware Qca4004 Firmware Snapdragon X55 5g Rf Firmware Sd730 Firmware Snapdragon 865 5G Firmware 9205 Lte Firmware 215 Firmware Snapdragon X5 Lte Firmware Snapdragon 768G 5G Firmware Wcn3680 Firmware Snapdragon 835 Mobile Pc Firmware Snapdragon 678 Firmware Snapdragon 8657 5G Firmware Snapdragon X70 Rf Firmware Qts110 Firmware Snapdragon 480 5G Firmware Sd 675 Firmware Snapdragon 439 Firmware Snapdragon 675 Firmware Snapdragon 210 Firmware Sd835 Firmware Snapdragon 212 Firmware Snapdragon 732G Firmware Snapdragon 8 Gen 3 Firmware Snapdragon Wear 1300 Firmware Snapdragon 690 5G Firmware Snapdragon Auto 5g Rf Firmware Snapdragon W5 Gen 1 Firmware Snapdragon Wear 4100 Firmware 205 Firmware Qcc711 Firmware Snapdragon X75 5g Rf Firmware Snapdragon 680 4G Firmware Snapdragon 4 Gen 1 Firmware Wcd9306 Firmware Snapdragon X65 5g Rf Firmware Msm8996au Firmware Snapdragon Auto 5g Rf Gen 2 Firmware Snapdragon 665 Firmware Sm7635 Firmware Wcn3910 Firmware Qcn6274 Firmware Qfw7114 Firmware Wsa8815 Firmware Sd 8 Gen1 5g Firmware Qcs410 Firmware Sm6650 Firmware Sg4150p Firmware Wcd9371 Firmware Robotics Rb2 Firmware Qcm4325 Firmware Smart Audio 400 Firmware Authentication Bypass Information Disclosure Wcn3615 Firmware Snapdragon 8 Gen 1 Firmware Sdx61 Firmware Wcd9326 Firmware Wcn3620 Firmware Qca6564a Firmware Video Collaboration Vc1 Platform Firmware Mdm9628 Firmware Csrb31024 Firmware Wcn3660b Firmware Qca9377 Firmware Sdm429w Firmware Qcn6024 Firmware Qca9367 Firmware Wcn3680b Firmware Qcn9024 Firmware Video Collaboration Vc3 Platform Firmware Mdm9640 Firmware Qca6584 Firmware Sdx57m Firmware Wcd9330 Firmware Wcn6450 Firmware Qcs4290 Firmware Wcd9378 Firmware Sdx71m Firmware Wcd9390 Firmware Ar8035 Firmware Sm8635p Firmware Qca6391 Firmware Csra6640 Firmware Sw5100p Firmware Qca6595au Firmware Qca6584au Firmware Wcn6755 Firmware Qcc710 Firmware Qca6698aq Firmware Qca8081 Firmware Qcm2290 Firmware Qca6564au Firmware Qca6696 Firmware Wcn7881 Firmware Wsa8810 Firmware Wsa8830 Firmware Wcn3988 Firmware Wcn3980 Firmware Sm7675p Firmware Sm8635 Firmware Wcn7861 Firmware Wsa8845h Firmware Qfw7124 Firmware Qcm6125 Firmware Wcd9370 Firmware Wcd9335 Firmware Fastconnect 7800 Firmware Fastconnect 6900 Firmware Wsa8845 Firmware Sm8650q Firmware Fastconnect 6800 Firmware Qca6574au Firmware Wsa8835 Firmware Wcd9375 Firmware Qcn6224 Firmware Qca8337 Firmware Wsa8840 Firmware Wcd9340 Firmware Wcn3950 Firmware Wcd9385 Firmware Qep8111 Firmware Wcd9395 Firmware Sm7675 Firmware Qca6174a Firmware Wcn3990 Firmware Sw5100 Firmware Wcd9341 Firmware Csra6620 Firmware Qcs2290 Firmware Fastconnect 6200 Firmware Qcs4490 Firmware Wcn6650 Firmware Qcm4490 Firmware Fastconnect 6700 Firmware Wsa8832 Firmware Wcd9380 Firmware Qca6574a Firmware
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:29 vuln.today
CVE Published
Mar 03, 2025 - 11:15 nvd
MEDIUM 5.4

DescriptionCVE.org

While processing the authentication message in UE, improper authentication may lead to information disclosure.

AnalysisAI

While processing the authentication message in UE, improper authentication may lead to information disclosure. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. While processing the authentication message in UE, improper authentication may lead to information disclosure. Affected products include: Qualcomm 315 5G Iot Firmware, Qualcomm 9205 Lte Firmware, Qualcomm Ar8035 Firmware, Qualcomm Csra6620 Firmware, Qualcomm Csra6640 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2024-53026 HIGH
8.2 Jun 03

CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL

CVE-2024-53021 HIGH
8.2 Jun 03

CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi

CVE-2024-53020 HIGH
8.2 Jun 03

CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o

CVE-2025-21467 HIGH
7.8 May 06

Memory corruption while reading the FW response from the shared queue. Rated high severity (CVSS 7.8), this vulnerabilit

CVE-2025-21453 HIGH
7.8 May 06

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential f

CVE-2024-49845 HIGH
7.8 May 06

Memory corruption during the FRS UDS generation process. Rated high severity (CVSS 7.8), this vulnerability is low attac

CVE-2024-49844 HIGH
7.8 May 06

Memory corruption while triggering commands in the PlayReady Trusted application. Rated high severity (CVSS 7.8), this v

CVE-2024-49841 HIGH
7.8 May 06

Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high se

CVE-2024-49835 HIGH
7.8 May 06

Memory corruption while reading secure file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity

CVE-2024-49842 HIGH
7.8 May 06

Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. Rated high se

CVE-2024-53014 HIGH
7.8 Mar 03

Memory corruption may occur while validating ports and channels in Audio driver. Rated high severity (CVSS 7.8), this vu

CVE-2025-21424 HIGH
7.8 Mar 03

Memory corruption while calling the NPU driver APIs concurrently. Rated high severity (CVSS 7.8), this vulnerability is

Share

CVE-2024-38426 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy