How to fix CVE-2024-49846?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Is Qca6688aq Firmware affected by CVE-2024-49846?

CVE-2024-49846 presents notable security risk rated CVSS 8.2. Successful exploitation could significantly impact the confidentiality, integrity, or availability of affected systems. Organizations should apply vendor updates when available and consider compensating controls in the interim.

CVE-2024-49846

HIGH

2025-05-06 [email protected]

8.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:40 vuln.today

CVE Published

May 06, 2025 - 09:15 nvd

HIGH 8.2

Tags

Buffer Overflow Qca6688aq Firmware Qca6698aq Firmware Qca8081 Firmware Qca8337 Firmware Qcc710 Firmware Qcn6224 Firmware Qcn6274 Firmware Qfw7114 Firmware Qfw7124 Firmware Sdx80m Firmware Sm8750 Firmware Sm8750p Firmware Snapdragon Auto 5g Modem Rf Gen 2 Firmware Snapdragon W5 Gen 1 Wearable Firmware Snapdragon X72 5g Modem Rf System Firmware Snapdragon X75 5g Modem Rf System Firmware Sw5100 Firmware Sw5100p Firmware Wcd9340 Firmware Wcd9395 Firmware Wsa8830 Firmware Wsa8832 Firmware Wsa8835 Firmware Wsa8840 Firmware Wsa8845 Firmware Wsa8845h Firmware Ar8035 Firmware Fastconnect 7800 Firmware Qca6574au Firmware Qca6595au Firmware Qca6678aq Firmware

Description

Memory corruption while decoding of OTA messages from T3448 IE.

Analysis

Memory corruption while decoding of OTA messages from T3448 IE. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical Context

This vulnerability is classified under CWE-126. Memory corruption while decoding of OTA messages from T3448 IE. Affected products include: Qualcomm Qca6688Aq Firmware, Qualcomm Qca6698Aq Firmware, Qualcomm Qca8081 Firmware, Qualcomm Qca8337 Firmware, Qualcomm Qcc710 Firmware.

Affected Products

Qualcomm Qca6688Aq Firmware, Qualcomm Qca6698Aq Firmware, Qualcomm Qca8081 Firmware, Qualcomm Qca8337 Firmware, Qualcomm Qcc710 Firmware.

Remediation

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +41

POC: 0

CVE-2024-49846 vulnerability details – vuln.today

Back

CVE-2024-49846

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code