Main Vulnerability Database Vulnerabilities #VU109316

#VU109316 Cryptographic Issues in Qualcomm products - CVE-2020-3702

Published: May 17, 2025

Vulnerability identifier: #VU109316

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:U/U:Green

CVE-ID: CVE-2020-3702

CWE-ID: CWE-310

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
QCN550x
QCA955x
QCA956x
AR938x
AR958x
AR934x
AR9331
AR9287
QCA4531
QCA9565
QCA9462
QCA9485
QCA9531

Software vendor:
Qualcomm

Description

The vulnerability allows a remote attacker to gain access top sensitive information.

The vulnerability exists due to improper input validation in WIFI driver(Krook). A remote attacker can temporary disable WPA2 or the WPA/WPA2 mixed-mode encryption and intercept traffic in clear text.

Remediation

Install security update from vendor's website.

External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

#VU109316 Cryptographic Issues in Qualcomm products - CVE-2020-3702

Description

Remediation

External links

Please verify you're human