CVSS: 10.0EPSS: 0%CPEs: 54EXPL: 0CVE-2018-3591
https://notcve.org/view.php?id=CVE-2018-3591
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the default build configuration of deviceprogrammer in BOOT.BF.3.0 enables the flag SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM which will open up the peek and poke commands to any memory location on the target. En Android antes del nivel de parcheo de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660 y Snapdragon_High_Med_2016, la configuración de la build por defecto de deviceprogrammer en BOOT.BF.3.0 habilita la marca SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM, la cual abre los comandos peek y pole en cualquier ubicación de la memoria en el objetivo. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2017-18072
https://notcve.org/view.php?id=CVE-2017-18072
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of which information elements is supported. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660 y Snapdragon_High_Med_2016, la petición de sondeo originada en el teléfono del usuario contiene los elementos de información que especifican las características Wi-Fi soportadas. Esto impactaría en la privacidad del usuario si alguien rastrease las peticiones de sondeo originadas por esta DUT. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 48EXPL: 1CVE-2015-9222 – RomPager 4.34 (Multiple Router Vendors) - 'Misfortune Cookie' Authentication Bypass
https://notcve.org/view.php?id=CVE-2015-9222
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze. En Android, antes del nivel de parche de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660 y Snapdragon_High_Med_2016, el procesamiento de bitstreams erróneos puede resultar en un bloqueo del hardware. El firmware debería detectar que el hardware se ha bloqueado en base al temporizador guardián pero, debido a que este temporizador no está habilitado, ocurre un bucle infinito que desemboca en un bloqueo del dispositivo. • https://www.exploit-db.com/exploits/39739 http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-399: Resource Management Errors •