V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsDocs
Back to catalog
CVE-2018-11949
CVE
Critical

Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdra…

CVSS
9.8
Critical
EPSS
0.00
p50
Published
2018-01-01
Updated
2018-01-01
Description

Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

Tags · CWE
Pre-auth
CWE-665
CAPEC-26
CAPEC-29
Affected products
Mdm9150_firmwareMdm9206_firmwareMdm9607_firmwareMdm9640_firmwareMdm9650_firmwareMsm8996au_firmwareQcs605_firmwareSd_425_firmwareSd_427_firmwareSd_430_firmwareSd_435_firmwareSd_450_firmwareSd_625_firmwareSd_636_firmwareSd_670_firmwareSd_710_firmwareSd_712_firmwareSd_820a_firmwareSd_835_firmwareSd_845_firmware
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2018-01-01
Published
2018-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.003 · p50
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected software
ProductVendorStatus
mdm9150_firmware*Tracked
mdm9206_firmware*Tracked
mdm9607_firmware*Tracked
mdm9640_firmware*Tracked
mdm9650_firmware*Tracked
msm8996au_firmware*Tracked
qcs605_firmware*Tracked
sd_425_firmware*Tracked
sd_427_firmware*Tracked
sd_430_firmware*Tracked
sd_435_firmware*Tracked
sd_450_firmware*Tracked
sd_625_firmware*Tracked
sd_636_firmware*Tracked
sd_670_firmware*Tracked
sd_710_firmware*Tracked
sd_712_firmware*Tracked
sd_820a_firmware*Tracked
sd_835_firmware*Tracked
sd_845_firmware*Tracked
Source databases
CVE