Mdm9207 Firmware Security Vulnerabilities and Issues — Mdm9207 Firmware CVE List

User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voic...

8.8CVSS8.7AI score0.00033EPSS

CVE•added 2023/04/13 7:15 a.m.•66 views

CVE-2022-33295

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

8.2CVSS7.7AI score0.00077EPSS

CVE•added 2023/04/13 7:15 a.m.•63 views

CVE-2022-33222

Information disclosure due to buffer over-read while parsing DNS response packets in Modem.

8.2CVSS7.7AI score0.00077EPSS

CVE•added 2023/02/12 4:15 a.m.•61 views

CVE-2022-25738

Information disclosure in modem due to buffer over-red while performing checksum of packet received

8.2CVSS7.7AI score0.0008EPSS

CVE•added 2023/03/10 9:15 p.m.•60 views

CVE-2022-25694

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

8.4CVSS8AI score0.00067EPSS

CVE•added 2023/02/12 4:15 a.m.•60 views

CVE-2022-25732

Information disclosure in modem due to buffer over read in dns client due to missing length check

8.2CVSS7.6AI score0.0008EPSS

CVE•added 2023/04/13 7:15 a.m.•58 views

CVE-2022-25730

Information disclosure in modem due to improper check of IP type while processing DNS server query

8.2CVSS7.6AI score0.00068EPSS

CVE•added 2023/02/12 4:15 a.m.•57 views

CVE-2022-33229

Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.

8.2CVSS7.7AI score0.0008EPSS

CVE•added 2022/12/13 4:15 p.m.•56 views

CVE-2022-25682

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

8.4CVSS7.9AI score0.00072EPSS

CVE•added 2022/12/13 4:15 p.m.•55 views

CVE-2022-25695

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon ...

8.4CVSS8AI score0.00058EPSS

CVE•added 2023/04/13 7:15 a.m.•53 views

CVE-2022-25747

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

8.2CVSS7.6AI score0.00057EPSS

CVE•added 2023/04/13 7:15 a.m.•52 views

CVE-2022-25726

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

8.2CVSS7.6AI score0.00068EPSS

CVE•added 2023/04/13 7:15 a.m.•52 views

CVE-2022-33258

Information disclosure due to buffer over-read in modem while reading configuration parameters.

8.2CVSS7.7AI score0.00068EPSS

CVE•added 2021/09/17 7:15 a.m.•40 views

CVE-2021-30261

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

8.4CVSS7.9AI score0.00035EPSS