#VU57891 Buffer overflow in Qualcomm products - CVE-2021-30321
Published: November 3, 2021
Vulnerability identifier: #VU57891
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2021-30321
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AQT1000
QCA1062
QCA1064
QCA2066
QCA6320
QCA6391
QCA6420
QCA6430
SC8280XP
SD 8CX
WCD9340
WCD9341
WCD9380
WCD9385
WCN3998
WCN6850
WCN6851
WCN6855
WCN6856
WSA8810
WSA8815
WSA8830
WSA8835
AQT1000
QCA1062
QCA1064
QCA2066
QCA6320
QCA6391
QCA6420
QCA6430
SC8280XP
SD 8CX
WCD9340
WCD9341
WCD9380
WCD9385
WCN3998
WCN6850
WCN6851
WCN6855
WCN6856
WSA8810
WSA8815
WSA8830
WSA8835
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to lack of parameter length check during MBSSID scan IE parse. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.