Vulnerabilities > Qualcomm > Qca2066 Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-10-20 CVE-2021-30304 Out-of-bounds Read vulnerability in Qualcomm products
Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity
network
low complexity
qualcomm CWE-125
6.4
6.4
2021-09-17 CVE-2021-30260 Integer Overflow or Wraparound vulnerability in Qualcomm products
Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-190
4.6
4.6
2021-09-09 CVE-2021-1941 Out-of-bounds Read vulnerability in Qualcomm products
Possible buffer over read issue due to improper length check on WPA IE string sent by peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-125
7.8
7.8
2021-09-09 CVE-2021-1948 Out-of-bounds Read vulnerability in Qualcomm products
Possible out of bound read due to lack of length check of data while parsing the beacon or probe response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-125
7.8
7.8
2021-09-09 CVE-2021-1960 Improper Input Validation vulnerability in Qualcomm products
Improper handling of ASB-C broadcast packets with crafted opcode in LMP can lead to uncontrolled resource consumption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
low complexity
qualcomm CWE-20
3.3
3.3
2021-09-09 CVE-2021-1971 Reachable Assertion vulnerability in Qualcomm products
Possible assertion due to lack of physical layer state validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-617
7.8
7.8
2021-09-08 CVE-2020-11264 Improper Authentication vulnerability in Qualcomm products
Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
network
low complexity
qualcomm CWE-287
critical
 10.0
10
2021-07-13 CVE-2021-1938 Reachable Assertion vulnerability in Qualcomm products
Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-617
5.0
5.0
2021-07-13 CVE-2021-1953 Reachable Assertion vulnerability in Qualcomm products
Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-617
5.0
5.0
2021-06-09 CVE-2021-1937 Reachable Assertion vulnerability in Qualcomm products
Reachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-617
5.0
5.0