Apq8064au Firmware
CVE-2024-45552
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Description (CVE.org)
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn't adhere to RFC standards.
Analysis (AI)
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn't adhere to RFC standards. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. No vendor patch available.
Technical Context (AI)
This vulnerability is classified under CWE-126. Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn't adhere to RFC standards. Affected products include: Qualcomm Apq8064Au Firmware, Qualcomm Fastconnect 6200 Firmware, Qualcomm Fastconnect 6700 Firmware, Qualcomm Fastconnect 6800 Firmware, Qualcomm Fastconnect 6900 Firmware.
Remediation (AI)
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Apq8064au Firmware
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL
CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o
Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session. Rated high se
Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request. Rated high severity (CVSS 7.5
Transient DOS while parsing the EPTM test control message to get the test pattern. Rated high severity (CVSS 7.5), this
Transient DOS while processing received beacon frame.
Transient DOS may occur while processing malformed length field in SSID IEs.
Memory corruption while processing a GP command response. Rated high severity (CVSS 8.8), this vulnerability is low atta
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is great
Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments f
Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs. Rated critical se
Same weakness CWE-126 – Buffer Over-read
Same technique: Information Disclosure