Vulnerability identifier: #VU54535
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-617
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
AR7420
Mobile applications /
Mobile firmware & hardware
AR9380
Mobile applications /
Mobile firmware & hardware
CSR8811
Mobile applications /
Mobile firmware & hardware
IPQ4018
Mobile applications /
Mobile firmware & hardware
IPQ4028
Mobile applications /
Mobile firmware & hardware
IPQ4029
Mobile applications /
Mobile firmware & hardware
IPQ8065
Mobile applications /
Mobile firmware & hardware
IPQ8069
Mobile applications /
Mobile firmware & hardware
QCA6310
Mobile applications /
Mobile firmware & hardware
QCA6320
Mobile applications /
Mobile firmware & hardware
QCA6335
Mobile applications /
Mobile firmware & hardware
QCA6428
Mobile applications /
Mobile firmware & hardware
QCA6438
Mobile applications /
Mobile firmware & hardware
QCA7500
Mobile applications /
Mobile firmware & hardware
QCA7520
Mobile applications /
Mobile firmware & hardware
QCA7550
Mobile applications /
Mobile firmware & hardware
QCA9561
Mobile applications /
Mobile firmware & hardware
QCA9563
Mobile applications /
Mobile firmware & hardware
QCA9880
Mobile applications /
Mobile firmware & hardware
QCA9882
Mobile applications /
Mobile firmware & hardware
QCA9887
Mobile applications /
Mobile firmware & hardware
QCA9888
Mobile applications /
Mobile firmware & hardware
QCA9889
Mobile applications /
Mobile firmware & hardware
QCA9896
Mobile applications /
Mobile firmware & hardware
QCA9898
Mobile applications /
Mobile firmware & hardware
QCA9984
Mobile applications /
Mobile firmware & hardware
QCA9990
Mobile applications /
Mobile firmware & hardware
QCA9992
Mobile applications /
Mobile firmware & hardware
QCA9994
Mobile applications /
Mobile firmware & hardware
QCN5024
Mobile applications /
Mobile firmware & hardware
QCN5054
Mobile applications /
Mobile firmware & hardware
QCN5501
Mobile applications /
Mobile firmware & hardware
QCN5502
Mobile applications /
Mobile firmware & hardware
IPQ4019
Hardware solutions /
Firmware
IPQ8064
Hardware solutions /
Firmware
IPQ8074
Hardware solutions /
Firmware
QCA9531
Hardware solutions /
Firmware
QCA9558
Hardware solutions /
Firmware
QCA9980
Hardware solutions /
Firmware
Vendor: Qualcomm
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol. A remote attacker can send specially crafted traffic to the device and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
AR7420: All versions
AR9380: All versions
CSR8811: All versions
IPQ4018: All versions
IPQ4019: All versions
IPQ4028: All versions
IPQ4029: All versions
IPQ8064: All versions
IPQ8065: All versions
IPQ8069: All versions
IPQ8074: All versions
QCA6310: All versions
QCA6320: All versions
QCA6335: All versions
QCA6428: All versions
QCA6438: All versions
QCA7500: All versions
QCA7520: All versions
QCA7550: All versions
QCA9531: All versions
QCA9558: All versions
QCA9561: All versions
QCA9563: All versions
QCA9880: All versions
QCA9882: All versions
QCA9887: All versions
QCA9888: All versions
QCA9889: All versions
QCA9896: All versions
QCA9898: All versions
QCA9980: All versions
QCA9984: All versions
QCA9990: All versions
QCA9992: All versions
QCA9994: All versions
QCN5024: All versions
QCN5054: All versions
QCN5501: All versions
QCN5502: All versions
External links
http://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.