Skip to main content

Fastconnect 6200 Firmware CVE-2024-53019

| EUVDEUVD-2024-54634 HIGH
Buffer Over-read (CWE-126)
2025-06-03 product-security@qualcomm.com
Information Disclosure Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6310 Firmware Qca6320 Firmware Qca6696 Firmware Qcm4490 Firmware Qcs4490 Firmware Qmp1000 Firmware Sa4150p Firmware Sa4155p Firmware Sa6155p Firmware Sa8155p Firmware Sa8195p Firmware Sd 8 Gen1 5g Firmware Sd835 Firmware Sdm429w Firmware Sm4635 Firmware Sm6650 Firmware Sm6650p Firmware Sm7635 Firmware Sm7675 Firmware Sm7675p Firmware Sm8550p Firmware Sm8635 Firmware Sm8635p Firmware Sm8650q Firmware Sm8735 Firmware Sm8750 Firmware Sm8750p Firmware Snapdragon 4 Gen 1 Mobile Platform Firmware Snapdragon 4 Gen 2 Mobile Platform Firmware Snapdragon 429 Mobile Platform Firmware Snapdragon 480 5g Mobile Platform Firmware Snapdragon 695 5g Mobile Platform Firmware Snapdragon 8 Gen 1 Mobile Platform Firmware Snapdragon 8 Gen 2 Mobile Platform Firmware Snapdragon 8 Gen 3 Mobile Platform Firmware Snapdragon 835 Mobile Pc Platform Firmware Sw5100 Firmware Sw5100p Firmware Talynplus Firmware Wcd9335 Firmware Wcd9340 Firmware Wcd9341 Firmware Wcd9370 Firmware Wcd9375 Firmware Wcd9378 Firmware Wcd9380 Firmware Wcd9385 Firmware Wcd9390 Firmware Wcd9395 Firmware Wcn3620 Firmware Wcn3660b Firmware Wcn3680b Firmware Wcn3950 Firmware Wcn3980 Firmware Wcn3988 Firmware Wcn3990 Firmware Wcn6450 Firmware Wcn6650 Firmware Wcn6740 Firmware Wcn6755 Firmware Wcn7750 Firmware Wcn7860 Firmware Wcn7861 Firmware Wcn7880 Firmware Wcn7881 Firmware Wsa8810 Firmware Wsa8815 Firmware Wsa8830 Firmware Wsa8832 Firmware Wsa8835 Firmware Wsa8840 Firmware Wsa8845 Firmware Wsa8845h Firmware
8.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 14, 2026 - 17:04 euvd
EUVD-2024-54634
Analysis Generated
Mar 14, 2026 - 17:04 vuln.today
CVE Published
Jun 03, 2025 - 06:15 nvd
HIGH 8.2

DescriptionCVE.org

Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.

AnalysisAI

Network-based information disclosure vulnerability in RTP (Real-time Transport Protocol) packet decoding that occurs when the CSRC (Contributing Source) count header field is improperly validated, allowing an attacker to read sensitive memory contents. The vulnerability affects any system processing RTP streams with malformed headers and has a high CVSS score of 8.2 due to the combination of high confidentiality impact and network accessibility without authentication; no patch availability, KEV status, EPSS score, or active exploitation details are currently documented.

Technical ContextAI

RTP (RFC 3550) is a widely-used protocol for real-time media transport over IP networks. The vulnerability exists in the RTP header parsing logic, specifically in how the CC (CSRC count) field—which indicates the number of contributing sources in the CSRC list—is processed. CWE-126 (Buffer Over-read) indicates the root cause: improper validation of the CC header field length allows reading beyond allocated buffer boundaries, leaking adjacent heap/stack memory. This affects any RTP decoder/library that fails to validate that the declared CSRC count matches actual available packet data before dereferencing the header structure. Vulnerable implementations likely include libavformat (FFmpeg), GStreamer RTP plugins, PJSIP, Kurento, and other multimedia frameworks that parse RTP headers without bounds checking on the CC field.

RemediationAI

Remediation requires: (1) Immediate action: Identify all systems processing RTP streams (VoIP servers, conferencing platforms, media gateways, video surveillance systems); (2) Patch/Update: Apply vendor security updates to RTP libraries and applications as they become available—check FFmpeg, GStreamer, PJSIP, Asterisk, Kurento project pages for CVE-2024-53019 patches; (3) Temporary mitigation: Implement network-level filtering to reject malformed RTP packets with invalid CSRC counts (if detection logic is available); restrict RTP traffic to trusted sources only; (4) Workaround: If patching is delayed, disable RTP decoding features or use hardware appliances with updated firmware; (5) Validation: After patching, test RTP functionality end-to-end to ensure no regression. Monitor vendor advisories (NIST NVD, vendor security pages) for patch release timelines.

CVE-2025-21480 HIGH
8.6 Jun 03

Qualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized comm

CVE-2025-21479 HIGH
8.6 Jun 03

A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized co

CVE-2026-21385 HIGH POC
7.8 Mar 02

A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo

CVE-2025-21450 CRITICAL
9.1 Jul 08

Cryptographic issue occurs due to use of insecure connection method while downloading.

CVE-2024-33065 HIGH
8.4 Oct 07

Memory corruption while taking snapshot when an offset variable is set by camera driver. Rated high severity (CVSS 8.4),

CVE-2025-47345 HIGH
8.4 Jan 07

Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]

CVE-2024-45552 HIGH
8.2 Apr 07

Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t

CVE-2024-53026 HIGH
8.2 Jun 03

CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL

CVE-2024-53021 HIGH
8.2 Jun 03

CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi

CVE-2024-53020 HIGH
8.2 Jun 03

CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o

CVE-2025-21427 HIGH
8.2 Jul 08

Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.

CVE-2025-21475 HIGH
7.8 May 06

Memory corruption while processing escape code, when DisplayId is passed with large unsigned value. Rated high severity

Share

CVE-2024-53019 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy