Vulnerabilities > CVE-2015-9222 - Resource Management Errors vulnerability in Qualcomm products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Multiple Vendors (RomPager 4.34) - Misfortune Cookie Router Authentication Bypass. CVE-2015-9222. Webapps exploit for hardware platform |
| file | exploits/hardware/webapps/39739.py |
| id | EDB-ID:39739 |
| last seen | 2016-04-27 |
| modified | 2016-04-27 |
| platform | hardware |
| port | |
| published | 2016-04-27 |
| reporter | Milad Doorbash |
| source | https://www.exploit-db.com/download/39739/ |
| title | Multiple Vendors RomPager <= 4.34 - Misfortune Cookie Router Authentication Bypass |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/136831/rompager-bypass.txt |
| id | PACKETSTORM:136831 |
| last seen | 2016-12-05 |
| published | 2016-04-27 |
| reporter | Milad Doorbash |
| source | https://packetstormsecurity.com/files/136831/RomPager-4.34-Authentication-Bypass.html |
| title | RomPager 4.34 Authentication Bypass |