3777 matches found
Qualcomm 芯片缓冲区错误漏洞
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and is often manufactured on the surface of semiconductor wafers. A buffer error vulnerability exists in Qualcomm chips. The following product...
多款Qualcomm产品缓冲区错误漏洞
Qualcomm MDM9206 and others are products of Qualcomm Incorporated Qualcomm.MDM9206 is a central processing unit CPU product.MDM9607 is a central processing unit CPU product.MDM9640 is a central processing unit CPU product.MDM9640 is a central processing unit CPU product.MDM9640 is a central...
Vulnerability Spotlight: Multiple vulnerabilities in ZTE MF971R LTE router
Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered multiple vulnerabilities in the ZTE MF971R LTE portable router. The MF971R is a portable router with Wi-Fi support and works as an LTE/GSM modem. An attacker could... This is...
ZTE MF971R STK_PROCESS stack-based buffer overflow vulnerability
Summary An exploitable Stack Based Buffer Overflow vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially-crafted HTTP request can cause a stack-based buffer overflow and leads to remote code execution. An attacker needs to provide a URL to the...
ZTE MF971R sms_cmd_status_info cross-site scripting vulnerability
Summary An exploitable Cross-Site-Scripting vulnerability exists in ZTE MF971R LTE router version wainnerversion:BDPLKPLMF971R1V1.0.0B06. A specially crafted HTTP request can cause an XSS vulnerability and as a result arbitrary JavaScript code execution in the victim’s browser. An attacker needs ...
CVE-2021-25480
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection...
CVE-2021-25488
Lack of boundary checking of a buffer in recvdata of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read...
CVE-2021-25489
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...
CVE-2021-25477
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service...
CVE-2021-25487
Lack of boundary checking of a buffer in setskbpriv of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer...
CVE-2021-25488
Lack of boundary checking of a buffer in recvdata of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read...
CVE-2021-25487
Lack of boundary checking of a buffer in setskbpriv of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer...
CVE-2021-25489
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...
Code injection
Lack of boundary checking of a buffer in recvdata of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read...
Design/Logic Flaw
Lack of boundary checking of a buffer in setskbpriv of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer...
Input validation
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service...
Format string
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...
CVE-2021-25489
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...
CVE-2021-25489
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic...
CVE-2021-25489
The CVE-2021-25489 issue affects Samsung Mobile Devices, caused by improper input validation in the modem interface driver, triggering a format-string error that can cause a kernel panic. Affected are Samsung Mobile Devices prior to SMR Oct-2021 Release 1. The root cause is missing input validati...