9.8
CVSSv3

CVE-2019-10540

Published: 30/09/2019 Updated: 03/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qualcomm ipq8074 firmware -

qualcomm msm8996au firmware -

qualcomm qca6174a firmware -

qualcomm qca6574au firmware -

qualcomm qca8081 firmware -

qualcomm qca9377 firmware -

qualcomm qca9379 firmware -

qualcomm qcs404 firmware -

qualcomm qcs405 firmware -

qualcomm qcs605 firmware -

qualcomm sd 636 firmware -

qualcomm sd 665 firmware -

qualcomm sd 675 firmware -

qualcomm sd 712 firmware -

qualcomm sd 710 firmware -

qualcomm sd 670 firmware -

qualcomm sd 730 firmware -

qualcomm sd 820 firmware -

qualcomm sd 835 firmware -

qualcomm sd 845 firmware -

qualcomm sd 850 firmware -

qualcomm sd 855 firmware -

qualcomm sd 8cx firmware -

qualcomm sda660 firmware -

qualcomm sdm630 firmware -

qualcomm sdm660 firmware -

qualcomm sxr1130 firmware -

Recent Articles

It's 2019 – and you can completely pwn millions of Qualcomm-powered Androids over the air
The Register • Shaun Nichols in San Francisco • 06 Aug 2019

Grab security patches now from chip designer, Google Exposed: Lazy Android mobe makers couldn't care less about security

Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Specifically, the following two security holes, dubbed Qualpwn and found by Tencent's Blade Team, can be leveraged one after the other to potentially take over a handheld: Thus, it is possible for a miscreant to join a nearby wireless network, seek out a vulnerable Qualcomm-powered Android devi...

It's 2019 – and you can completely pwn millions of Qualcomm-powered Androids over the air
The Register • Shaun Nichols in San Francisco • 06 Aug 2019

Grab security patches now from chip designer, Google Exposed: Lazy Android mobe makers couldn't care less about security

Black Hat It is possible to thoroughly hijack a nearby vulnerable Qualcomm-based Android phone, tablet, or similar gadget, via Wi-Fi, we learned on Monday. This likely affects millions of Android devices. Specifically, the following two security holes, dubbed Qualpwn and found by Tencent's Blade Team, can be leveraged one after the other to potentially take over a handheld: Thus, it is possible for a miscreant to join a nearby wireless network, seek out a vulnerable Qualcomm-powered Android devi...