CRITICAL🇵🇱 Wersja polska

CVE-2024-21473

CVSS 9.8v3.1pub. 2024-04-01upd. 2025-01-13

Memory corruption while redirecting log file to any file location with any file name.

🤖 AI Analysis
How it works

The vulnerability results from insufficient input validation (CWE-20) and out-of-bounds write (CWE-787). During the log file redirection operation to a path and filename specified by the attacker, improperly handled data leads to corruption of the process memory areas. Due to the network attack vector (AV:N) and lack of requirements for user privileges and interaction, the exploit can be conducted remotely without any authorization.

Impact

An attacker can gain full control over the vulnerable device, including the ability to read and modify data and disrupt its operation. In the worst-case scenario, remote code execution (RCE) is possible with the privileges level of the process handling the logs.

Mitigation & patch

Apply patches available from the manufacturer in accordance with the Qualcomm security bulletin from April 2024: https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html

Who is affected

Firmware of chipsets: Qualcomm AR8035, AR9380, CSR8811 and other products listed in the Qualcomm security bulletin from April 2024 — the complete list is available in the manufacturer's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Qualcomm Ar8035

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ar8035 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ar9380

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ar9380 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Csr8811

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Csr8811 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 6900 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Fastconnect 7800 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 214

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 214 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 216

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 216 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 316

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 316 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 318

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 318 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 3210

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 3210 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 326

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Immersive Home 326 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq4018

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq4018 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq4019

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq4019 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq4028

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq4028 Firmware

    OS
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq4029

    HW
    Qualcomm
    wszystkie wersje
  • Qualcomm Ipq4029 Firmware

    OS
    Qualcomm
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-27034CRITICAL9.8PL ✓ten sam produkt

Qualcomm Firmware — memory corruption przy wyborze PLMN z listy SOR

CVE-2025-21483CRITICAL9.8PL ✓ten sam produkt

Memory corruption w Qualcomm podczas składania pakietów RTP (NALUs)

CVE-2025-21450CRITICAL9.1PL ✓ten sam produkt

Qualcomm: podatność kryptograficzna umożliwiająca Auth Bypass podczas pobierania

CVE-2024-45569CRITICAL9.8PL ✓ten sam produkt

Qualcomm: Uszkodzenie pamięci przy parsowaniu ML IE w firmware

CVE-2024-33066CRITICAL9.8PL ✓ten sam produkt

Qualcomm Snapdragon – memory corruption przy przekierowaniu pliku logów