18 matches found
EUVD-2020-18492
Malware in sbrugna...
EUVD-2020-18491
Malware in sbrugna...
CVE-2020-25858
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
CVE-2020-25859
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
CVE-2024-13943
Tesla Model S Iris Modem QCMAPConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the targ...
CVE-2024-13943
Tesla Model S Iris Modem QCMAPConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the targ...
CVE-2024-13943 Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability
Tesla Model S Iris Modem QCMAPConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the targ...
CVE-2024-13943 Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability
Tesla Model S Iris Modem QCMAPConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the targ...
PT-2025-18322 · Tesla · Tesla Model S
Name of the Vulnerable Software and Affected Versions: Tesla Model S versions affected versions not specified Description: This issue allows local attackers to escape the sandbox on affected Tesla Model S vehicles. To exploit this, an attacker must first obtain the ability to execute low-privileg...
(Pwn2Own) Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability
This vulnerability allows local attackers to escape the sandbox on affected affected Tesla Model S vehicles. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2020-25858
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
CVE-2020-25859
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
Design/Logic Flaw
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
Design/Logic Flaw
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
CVE-2020-25859
CVE-2020-25859 concerns the QCMAP_CLI utility in Qualcomm QCMAP, where handling SetGatewayUrl() can invoke system() without input validation. This allows a local attacker with shell access to pass shell metacharacters and execute arbitrary commands. If QCMAP_CLI runs with sudo or setuid, privileg...
CVE-2020-25858
CVE-2020-25858 affects the Qualcomm QCMAP Web UI. The issue lies in the QCMAP_Web_CLIENT binary where the Tokenizer() function does not validate the return values of strstr() or strchr(). This can let an attacker supply a crafted URL via the web interface that crashes the process, resulting in a ...
CVE-2019-7746
JioFi 4 jmr1140 AmtelJMR1140R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmapauth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset...
CVE-2019-7439
cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter...