#VU109344 Stack-based buffer overflow in Qualcomm products - CVE-2020-3666
Published: May 17, 2025
Vulnerability identifier: #VU109344
Vulnerability risk:
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2020-3666
CWE-ID: CWE-121
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009
APQ8017
APQ8053
APQ8096AU
APQ8098
IPQ4019
IPQ8064
IPQ8074
MDM9206
MDM9207C
MDM9607
MDM9640
MDM9650
MSM8996AU
MSM8998
QCA6174A
QCA6574AU
QCA9377
QCA9379
QCA9531
QCA9558
QCA9980
QCS405
QCS605
SA6155P
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SDX20
SDX24
SXR1130
IPQ6018
QCA6574
QCA6584AU
QCA8081
QCA9563
QCA9880
QCA9886
QCN5500
QCN5502
QCS404
SDM850
APQ8009
APQ8017
APQ8053
APQ8096AU
APQ8098
IPQ4019
IPQ8064
IPQ8074
MDM9206
MDM9207C
MDM9607
MDM9640
MDM9650
MSM8996AU
MSM8998
QCA6174A
QCA6574AU
QCA9377
QCA9379
QCA9531
QCA9558
QCA9980
QCS405
QCS605
SA6155P
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SDX20
SDX24
SXR1130
IPQ6018
QCA6574
QCA6584AU
QCA8081
QCA9563
QCA9880
QCA9886
QCN5500
QCN5502
QCS404
SDM850
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
Remediation
Install security update from vendor's website.