Qcc2073 Firmware Security Vulnerabilities
7.8CVSS
7.8AI Score
0.0004EPSS
Transient DOS in WLAN Firmware while processing the received beacon or probe response frame.
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
7.8CVSS
7.8AI Score
0.0004EPSS
6.1CVSS
5.3AI Score
0.0004EPSS
Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.
6.1CVSS
5.5AI Score
0.0004EPSS
8.8CVSS
8.8AI Score
0.001EPSS
Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level.
7.8CVSS
7.9AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.001EPSS
9.8CVSS
8.3AI Score
0.001EPSS
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids.
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.
9.8CVSS
9.5AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast.
7.5CVSS
7.5AI Score
0.0005EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.6AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS while parsing WPA IES, when it is passed with length more than expected size.
7.5CVSS
7.5AI Score
0.0004EPSS
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host.
7.5CVSS
7.6AI Score
0.0005EPSS
Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the next header.
7.5CVSS
7.5AI Score
0.0004EPSS
Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping IE.
9.8CVSS
9.5AI Score
0.001EPSS
Transient DOS while key unwrapping process, when the given encrypted key is empty or NULL.
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS while processing 11AZ RTT management action frame received through OTA.
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon frame.
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point.
9.8CVSS
9.4AI Score
0.001EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
9.1CVSS
6.3AI Score
0.001EPSS
7.5CVSS
6.5AI Score
0.001EPSS
7.5CVSS
6.5AI Score
0.001EPSS
7.5CVSS
6.5AI Score
0.001EPSS
Transient DOS while parsing the received TID-to-link mapping element of beacon/probe response frame.
7.5CVSS
7.6AI Score
0.0005EPSS
Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improper.
7.5CVSS
7.6AI Score
0.0005EPSS
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.
7.5CVSS
7.6AI Score
0.0005EPSS
Transient DOS while parsing the multi-link element Control field when common information length check is missing before updating the location.
7.5CVSS
7.5AI Score
0.0005EPSS