Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
AnalysisAI
Sensitive device configuration is exposed to adjacent network attackers during factory reset operations conducted through the powerline interface on Qualcomm Snapdragon chipsets. An unauthenticated attacker present on the same powerline network segment can intercept unprotected configuration data at the moment of reset, gaining unauthorized access to potentially sensitive device parameters such as credentials or network settings. No public exploit has been identified at time of analysis, and Qualcomm addressed this vulnerability in its June 2026 Security Bulletin.
Technical ContextAI
The powerline interface (Power Line Communication, PLC) enables network data transmission over existing electrical wiring and is integrated into various Snapdragon-powered devices including IoT equipment, networking hardware, and automotive platforms. CWE-1230 (Exposure of Sensitive Information Through Metadata) indicates the root cause is the unintended leakage of sensitive configuration data - likely as unencrypted metadata or improperly cleared state - transmitted or accessible over the powerline interface during the factory reset procedure. The CPE string cpe:2.3:a:qualcomm,_inc.:snapdragon:*:*:*:*:*:*:*:* uses a full wildcard for version, indicating the vulnerability spans the broad Snapdragon product line rather than a single chipset or firmware revision. The tags 'Authentication Bypass' alongside 'Information Disclosure' suggest the factory reset pathway circumvents normal authentication controls that would otherwise gate access to device configuration.
RemediationAI
Patch available per vendor advisory - Qualcomm published a fix in the June 2026 Security Bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html. The exact patched firmware or software version is not enumerated in the currently available data and must be confirmed directly from that bulletin; device manufacturers (OEMs) integrating Snapdragon will need to incorporate Qualcomm's patch into their own firmware releases. As a compensating control, if the powerline interface is not operationally required, disable it at the firmware or hardware configuration level to eliminate this attack surface entirely - note this will prevent any PLC-based network connectivity the device relies on. If powerline functionality must remain active, restrict physical access to the electrical network segment to trusted personnel, and avoid performing factory resets on devices while they are attached to shared or untrusted powerline segments.
More in Snapdragon
View allBuffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau
Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o
Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr
Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution
Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci
Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip
Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during
Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged
Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-
Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trig
Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device c
Memory corruption in Qualcomm Snapdragon allows local authenticated attackers with low privileges to achieve arbitrary c
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210018
GHSA-wm3c-f3vh-3xr4