Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2015-9222

Published: 18/04/2018 Updated: 02/05/2018
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Qualcomm

Vulnerability Summary

In Android prior to 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze.

Vulnerable Product Search on Vulmon Subscribe to Product

qualcomm msm8909w_firmware -

qualcomm sd_210_firmware -

qualcomm sd_212_firmware -

qualcomm sd_205_firmware -

qualcomm sd_400_firmware -

qualcomm sd_410_firmware -

qualcomm sd_412_firmware -

qualcomm sd_425_firmware -

qualcomm sd_430_firmware -

qualcomm sd_450_firmware -

qualcomm sd_427_firmware -

qualcomm sd_435_firmware -

qualcomm sd_625_firmware -

qualcomm sd_650_firmware -

qualcomm sd_652_firmware -

qualcomm sd_800_firmware -

qualcomm sd_808_firmware -

qualcomm sd_810_firmware -

qualcomm sd_820_firmware -

qualcomm sd_835_firmware -

qualcomm sd_845_firmware -

qualcomm sdm630_firmware -

qualcomm sdm636_firmware -

qualcomm sdm660_firmware -

Exploits

Exploit DB: RomPager 4.34 (Multiple Router Vendors) - 'Misfortune Cookie' Authentication Bypass
# Title: Misfortune Cookie Exploit (RomPager <= 434) router authentication remover # Date: 17/4/2016 # CVE: CVE-2015-9222 (misfortunecookie) # Vendors: ZyXEL,TP-Link,D-Link,Nilox,Billion,ZTE,AirLive, # Vulnerable models: misfortunecookie/misfortune-cookie-suspected-vulnerablepdf # Versions affected: RomPager <= 434 (s ...
Exploit DB: RomPager 4.34 Authentication Bypass
RomPager versions 434 and below router authentication remover exploit ...

References

CWE-399https://source.android.com/security/bulletin/2018-04-01https://www.exploit-db.com/exploits/39739/http://www.securityfocus.com/bid/103671https://nvd.nist.govhttps://www.exploit-db.com/exploits/39739/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook