Vulnerabilities > CVE-2015-9222 - Resource Management Errors vulnerability in Qualcomm products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
qualcomm
CWE-399
exploit available

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionMultiple Vendors (RomPager 4.34) - Misfortune Cookie Router Authentication Bypass. CVE-2015-9222. Webapps exploit for hardware platform
fileexploits/hardware/webapps/39739.py
idEDB-ID:39739
last seen2016-04-27
modified2016-04-27
platformhardware
port
published2016-04-27
reporterMilad Doorbash
sourcehttps://www.exploit-db.com/download/39739/
titleMultiple Vendors RomPager <= 4.34 - Misfortune Cookie Router Authentication Bypass
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/136831/rompager-bypass.txt
idPACKETSTORM:136831
last seen2016-12-05
published2016-04-27
reporterMilad Doorbash
sourcehttps://packetstormsecurity.com/files/136831/RomPager-4.34-Authentication-Bypass.html
titleRomPager 4.34 Authentication Bypass