Qca4024 Firmware
CVE-2024-43046
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
There may be information disclosure during memory re-allocation in TZ Secure OS.
AnalysisAI
There may be information disclosure during memory re-allocation in TZ Secure OS. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. There may be information disclosure during memory re-allocation in TZ Secure OS. Affected products include: Qualcomm Csr8811 Firmware, Qualcomm Csra6620 Firmware, Qualcomm Csra6640 Firmware, Qualcomm Fastconnect 6200 Firmware, Qualcomm Fastconnect 6700 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Qca4024 Firmware
View allMemory corruption while processing command in Glink linux. Rated high severity (CVSS 7.8), this vulnerability is low att
Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the vid
Memory corruption while processing manipulated payload in video firmware.
Memory corruption while processing video packets received from video firmware.
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Transient DOS may occur while parsing SSID in action frames. Rated high severity (CVSS 7.5), this vulnerability is remot
Transient DOS may occur while parsing extended IE in beacon. Rated high severity (CVSS 7.5), this vulnerability is remot
Transient denial-of-service vulnerability in wireless beacon frame processing that occurs when a device receives a malfo
Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests
Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this
Transient DOS while handling beacon frames with invalid IE header length.
Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today