CPE Details
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:h:qualcomm:qca4010:-:*:*:*:*:*:*:*
Informations
Vendor
qualcommProduct
qca4010Version
-Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| Information disclosure in IOE Firmware while handling WMI command. | 6.1 |
Medium |
||
| Memory corruption in WLAN HAL while handling command streams through WMI interfaces. | 7.8 |
High |
||
| Memory corruption in WLAN HAL while processing devIndex from untrusted WMI payload. | 7.8 |
High |
||
| Memory corruption in WLAN FW while processing command parameters from untrusted WMI payload. | 7.8 |
High |
||
| Information disclosure in Network Services due to buffer over-read while the device receives DNS response. | 8.2 |
High |
||
| Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. | 8.4 |
High |
||
| Information disclosure due to buffer over-read in Modem while parsing DNS hostname. | 8.2 |
High |
||
| Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length. | 8.2 |
High |
||
| Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet. | 8.2 |
High |
||
| Information disclosure due to buffer over-read while parsing DNS response packets in Modem. | 8.2 |
High |
||
| Information disclosure in modem due to buffer over-read while processing packets from DNS server | 7.5 |
High |
||
| Information disclosure in modem due to improper check of IP type while processing DNS server query | 8.2 |
High |
||
| Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload. | 8.4 |
High |
||
| Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets. | 8.2 |
High |
||
| Information disclosure in modem due to buffer over-red while performing checksum of packet received | 8.2 |
High |
||
| Denial of service in modem due to missing null check while processing IP packets with padding | 7.5 |
High |
||
| Denial of service in modem due to null pointer dereference while processing DNS packets | 7.5 |
High |
||
| Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | 9.8 |
Critical |
||
| Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | 9.8 |
Critical |
||
| Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music | 7.5 |
High |
||
| Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 9.8 |
Critical |
||
| Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 9.1 |
Critical |
||
| Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 8.4 |
High |
||
| Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 8.8 |
High |
||
| Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 9.8 |
Critical |
||
| Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 9.8 |
Critical |
||
| Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4010, QCA6174A, QCA6574AU, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS405, QCS605, SA6155P, Saipan, SDA845, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130 | 7.8 |
High |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.