
Fastconnect 7800 Firmware CVE-2025-27029

EUVD-2025-16702 | HIGH
Buffer Over-read (CWE-126)
2025-06-03 product-security@qualcomm.com
CVSS 3.1 (NVD): 7.5

Severity by source

NVD (primary): 7.5 HIGH · AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd) · EUVD-2025-16702
Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
CVE Published: Jun 03, 2025 - 06:15 (nvd) · HIGH 7.5

Description (CVE.org)

Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.

Analysis (AI)

Network-accessible denial-of-service vulnerability in tone measurement response buffer processing. It occurs when buffer contents fall outside expected range parameters and results in application/service crashes. The vulnerability affects systems implementing tone measurement protocols with improper input validation on buffer boundaries. An unauthenticated remote attacker can trigger it with minimal complexity, causing service unavailability; however, the CVE details do not indicate active KEV status or a public PoC, so real-world exploitation likelihood remains moderate despite the high CVSS 7.5 score.

Technical Context (AI)

This vulnerability stems from CWE-126 (Buffer Over-read), a memory safety issue where code reads data beyond intended buffer boundaries without proper validation. The specific context involves tone measurement response processing—likely used in audio, telecommunications, or signal processing systems. The vulnerability manifests when the tone measurement protocol receives a response buffer with out-of-range values that the application fails to validate before processing. The absence of bounds checking on the response buffer allows reading beyond allocated memory, causing undefined behavior and denial of service. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates the vulnerability is exploitable over the network without authentication or user interaction, suggesting the tone measurement service is directly exposed to network input without intermediate validation layers.
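
The over-read pattern described above next to its bounds-checked form, as an added example that is not Qualcomm firmware code and not part of the original page. The message layout, `TM_MAX_TONES` and every `tm_*` name are hypothetical, since the page does not document the real response format.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout: buf[0]=first_tone, buf[1]=num_tones, then num_tones LE16 values. */
#define TM_HDR_LEN   2u
#define TM_MAX_TONES 64u   /* assumed size of the receiver's tone table */
enum { TM_OK = 0, TM_ERR_SHORT = -1, TM_ERR_RANGE = -2 };

/* Largest of n little-endian 16-bit measurements starting at p. */
static uint16_t tm_scan(const uint8_t *p, unsigned n)
{
    uint16_t peak = 0;
    for (unsigned i = 0; i < n; i++) {
        uint16_t v = (uint16_t)(p[2 * i] | (p[2 * i + 1] << 8));
        if (v > peak) peak = v;
    }
    return peak;
}

/* Unchecked pattern (CWE-126), for contrast only: len is ignored, so a large
 * num_tones on a short buffer is read past its end. Never called here. */
int tm_peak_unchecked(const uint8_t *buf, size_t len, uint16_t *peak)
{
    (void)len;
    *peak = tm_scan(buf + TM_HDR_LEN, buf[1]);
    return TM_OK;
}

/* Hardened form: header, tone range and payload length are checked first. */
int tm_peak_checked(const uint8_t *buf, size_t len, uint16_t *peak)
{
    if (buf == NULL || peak == NULL || len < TM_HDR_LEN)
        return TM_ERR_SHORT;
    unsigned first = buf[0], count = buf[1];
    if (count == 0 || first >= TM_MAX_TONES || count > TM_MAX_TONES - first)
        return TM_ERR_RANGE;              /* tones fall outside the table */
    if (len - TM_HDR_LEN < 2u * (size_t)count)
        return TM_ERR_SHORT;              /* count exceeds bytes received */
    *peak = tm_scan(buf + TM_HDR_LEN, count);
    return TM_OK;
}

/* Constructed sample responses (not captured traffic). */
static const uint8_t tm_good[]  = { 0, 3, 0x10, 0x00, 0x34, 0x12, 0x05, 0x00 };
static const uint8_t tm_short[] = { 0, 40, 0x10, 0x00 };  /* claims 40, carries 1 */
static const uint8_t tm_range[] = { 60, 10, 0x00, 0x00 }; /* 60 + 10 > table size */

int main(void) { uint16_t p; return tm_peak_checked(tm_good, sizeof tm_good, &p) != TM_OK; }
```

The range check is written as `count > TM_MAX_TONES - first` so the comparison cannot wrap, and the length check subtracts the header only after `len >= TM_HDR_LEN` has been established.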

Remediation (AI)

Specific patch versions are not provided in the available data. General remediation steps:

(1) Obtain vendor patches: Contact your equipment/software vendor for CVE-2025-27029 security updates; apply patches immediately to all affected systems.
(2) Input validation workaround: If patching is delayed, implement network-level input validation to reject tone measurement responses outside expected value ranges before they reach vulnerable processing code.
(3) Network segmentation: Restrict network access to tone measurement services to trusted internal networks only, reducing attack surface until patches are deployed.
(4) Service monitoring: Implement alerting on service crashes and abnormal tone measurement request patterns to detect exploitation attempts.
(5) Vendor advisory consultation: Review the vendor's security advisory (typically available via CVE database links) for version-specific patch availability and additional mitigation recommendations.
