#VU109351 Exposure of sensitive information to an unauthorized actor in Qualcomm products - CVE-2020-11115
Published: May 17, 2025
Vulnerability identifier: #VU109351
Vulnerability risk:
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2020-11115
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009
APQ8053
APQ8096AU
APQ8098
Kamorta
MDM9206
MDM9207C
MDM9607
MDM9640
MDM9650
MSM8905
MSM8909W
MSM8917
MSM8920
MSM8937
MSM8940
MSM8953
MSM8996AU
MSM8998
QCA6174A
QCA6574AU
QCA9377
QCA9379
QCM2150
QCN7605
QCS405
QCS605
QM215
Rennell
Saipan
SC8180X
SDA845
SDM429
SDM429W
SDM439
SDM450
SDM632
SDM660
SDM845
SDX20
SDX55
SM6150
SM7150
SM8150
SM8250
SXR2130
Bitra
SA415M
APQ8009
APQ8053
APQ8096AU
APQ8098
Kamorta
MDM9206
MDM9207C
MDM9607
MDM9640
MDM9650
MSM8905
MSM8909W
MSM8917
MSM8920
MSM8937
MSM8940
MSM8953
MSM8996AU
MSM8998
QCA6174A
QCA6574AU
QCA9377
QCA9379
QCM2150
QCN7605
QCS405
QCS605
QM215
Rennell
Saipan
SC8180X
SDA845
SDM429
SDM429W
SDM439
SDM450
SDM632
SDM660
SDM845
SDX20
SDX55
SM6150
SM7150
SM8150
SM8250
SXR2130
Bitra
SA415M
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
Remediation
Install security update from vendor's website.