Published: 20/09/2018 Updated: 03/10/2019

CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 294

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:N

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qualcomm mdm9206_firmware -
qualcomm mdm9607_firmware -
qualcomm mdm9640_firmware -
qualcomm mdm9650_firmware -
qualcomm msm8996au_firmware -
qualcomm qca6574au_firmware -
qualcomm sd210_firmware -
qualcomm sd212_firmware -
qualcomm sd205_firmware -
qualcomm sd425_firmware -
qualcomm sd427_firmware -
qualcomm sd430_firmware -
qualcomm sd435_firmware -
qualcomm sd450_firmware -
qualcomm sd615_firmware -
qualcomm sd616_firmware -
qualcomm sd415_firmware -
qualcomm sd650_firmware -
qualcomm sd652_firmware -
qualcomm sd820a_firmware -
qualcomm sd835_firmware -
qualcomm sd845_firmware -
qualcomm sd850_firmware -
qualcomm sda660_firmware -
qualcomm sdm429_firmware -
qualcomm sdm439_firmware -
qualcomm sdm630_firmware -
qualcomm sdm632_firmware -
qualcomm sdm636_firmware -
qualcomm sdm660_firmware -
qualcomm sdm710_firmware -

CWE-338 https://www.qualcomm.com/company/product-security/bulletins https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components https://nvd.nist.gov

CVE-2018-5871

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect