Cryptographic Issues in Qualcomm products - CVE-2020-3702
Published: May 17, 2025
Vulnerability identifier: #VU109316
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:U/U:Green
CVE-ID: CVE-2020-3702
CWE-ID: CWE-310
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
QCN550x
QCA955x
QCA956x
AR938x
AR958x
AR934x
AR9331
AR9287
QCA4531
QCA9565
QCA9462
QCA9485
QCA9531
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation in the Wi-Fi driver (Kr00k). A remote attacker can temporarily disable WPA2 or WPA/WPA2 mixed-mode encryption and intercept traffic in clear text.
How to mitigate CVE-2020-3702
Install the security update from the vendor's website.