Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Description (CVE.org)
Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Analysis (AI)
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoLTE and VoWiFi call processing. When a malicious or malformed RTCP (Real-time Transport Control Protocol) packet is received during an active call, the vulnerable system leaks sensitive information to a network-adjacent attacker without requiring authentication or user interaction. The CVSS 8.2 rating reflects high confidentiality impact with partial availability degradation; exploitation likelihood and real-world activity status require cross-referencing with EPSS and KEV data.
Technical Context (AI)
This vulnerability exists in the RTCP packet handling logic within IMS core network elements (typically P-CSCF, I-CSCF, or S-CSCF) and user equipment (UE) implementations. RTCP (RFC 3550) is used for real-time transport feedback in VoIP/VoLTE sessions. The root cause is classified as CWE-126 (Buffer Over-read), indicating improper bounds checking when parsing RTCP packet headers or payloads. When an invalid RTCP packet (malformed length fields, unexpected compound structures, or crafted extension headers) is processed, the parser may read beyond allocated buffer boundaries, exposing adjacent memory containing call metadata, session tokens, user identifiers, or other sensitive call-state information. The vulnerability affects IMS protocol stacks across multiple vendors' implementations (Huawei, Nokia, Ericsson telecom infrastructure and chipset manufacturers), though specific CPE identifiers would be needed to pinpoint exact product versions and SKUs.
Remediation (AI)
Immediate mitigation:
(1) Implement network-layer ingress filtering to block RTCP packets with invalid structures at the RAN/core boundary, using DPI rules that validate RFC 3550 compliance.
(2) Deploy RTCP packet sanitization middleware that performs strict bounds-checking before passing packets to the IMS stack.
Long-term fixes:
(1) Apply vendor-specific security patches (contact Huawei/Nokia/Ericsson for CVE-2024-53026 advisories).
(2) Upgrade to patched IMS core versions once available (typically designated as security-focused minor versions, e.g., 15.1.1 SP5 with security fixes).
(3) For device chipsets, push OTA modem firmware updates from device manufacturers (Samsung, Google, OnePlus, etc.).
Validate patches by testing with fuzzed RTCP packets, using tools like radamsa or custom RTCP fuzzers, to confirm bounds-checking is enforced. No public workarounds exist; patching is the only mitigation.
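The kind of strict bounds-checking a sanitization layer would apply before handing a datagram to the IMS stack, as an added example (not vendor code, and not taken from any patch for this CVE). It applies the RFC 3550 structural checks for a compound RTCP packet; the function name, return codes and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { RTCP_HDR = 4, PT_SR = 200, PT_RR = 201 };

/* Returns 0 if buf[0..len) is a well-formed compound RTCP packet, else a
 * negative code for the first failed check. Never reads past buf + len. */
int rtcp_validate_compound(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    if (buf == NULL || len < RTCP_HDR)
        return -1;                          /* too short for any header */
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < RTCP_HDR)
            return -2;                      /* truncated sub-packet header */
        const uint8_t *p = buf + off;
        /* length field: 32-bit words minus one, network byte order */
        size_t pkt_len = ((((size_t)p[2] << 8) | p[3]) + 1) * 4;
        if ((p[0] >> 6) != 2)
            return -3;                      /* RTP/RTCP version must be 2 */
        if (off == 0 && p[1] != PT_SR && p[1] != PT_RR)
            return -4;                      /* compound must start with SR/RR */
        if (pkt_len > remaining)
            return -5;                      /* declared length overruns datagram */
        if (p[0] & 0x20) {                  /* padding bit set */
            if (pkt_len != remaining)
                return -6;                  /* padding allowed on last packet only */
            uint8_t pad = p[pkt_len - 1];
            if (pad == 0 || pad % 4 != 0 || pad > pkt_len - RTCP_HDR)
                return -7;                  /* pad count must fit the packet */
        }
        off += pkt_len;
    }
    return 0;
}

/* Constructed samples: an empty RR, and the same bytes claiming 260 octets. */
static const uint8_t sample_ok[]  = {0x80, 0xC9, 0x00, 0x01, 0xDE, 0xAD, 0xBE, 0xEF};
static const uint8_t sample_bad[] = {0x80, 0xC9, 0x00, 0x40, 0xDE, 0xAD, 0xBE, 0xEF};

int main(void)
{
    printf("ok=%d bad=%d\n", rtcp_validate_compound(sample_ok, sizeof sample_ok),
           rtcp_validate_compound(sample_bad, sizeof sample_bad));
    return 0;
}
```

Every length is compared against the bytes actually received before it is used as an offset, so a datagram that fails any check is dropped without the parser touching memory beyond it.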
EUVD-2024-54631