CVE-2019-2346

Severity Score

7.8

*CVSS v3

Exploit Likelihood

< 1%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Firmware is getting into loop of overwriting memory when scan command is given from host because of improper validation. in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS404, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660

El firmware se está metiendo en el bucle de la memoria de sobrescritura cuando el comando de escaneo se proporciona desde el host debido a una validación incorrecta en Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS404, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-12-10 CVE Reserved
2019-07-25 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-129: Improper Validation of Array Index

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.qualcomm.com/company/product-security/bulletins	2019-07-30

1 - 1 of 1

Affected Vendors, Products, and Versions (24)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qualcomm Search vendor "Qualcomm"	Ipq8074 Firmware Search vendor "Qualcomm" for product "Ipq8074 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Ipq8074 Search vendor "Qualcomm" for product "Ipq8074"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qca8081 Firmware Search vendor "Qualcomm" for product "Qca8081 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qca8081 Search vendor "Qualcomm" for product "Qca8081"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qcs404 Firmware Search vendor "Qualcomm" for product "Qcs404 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qcs404 Search vendor "Qualcomm" for product "Qcs404"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qcs405 Firmware Search vendor "Qualcomm" for product "Qcs405 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qcs405 Search vendor "Qualcomm" for product "Qcs405"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qcs605 Firmware Search vendor "Qualcomm" for product "Qcs605 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qcs605 Search vendor "Qualcomm" for product "Qcs605"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 425 Firmware Search vendor "Qualcomm" for product "Sd 425 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 425 Search vendor "Qualcomm" for product "Sd 425"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 427 Firmware Search vendor "Qualcomm" for product "Sd 427 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 427 Search vendor "Qualcomm" for product "Sd 427"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 430 Firmware Search vendor "Qualcomm" for product "Sd 430 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 430 Search vendor "Qualcomm" for product "Sd 430"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 435 Firmware Search vendor "Qualcomm" for product "Sd 435 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 435 Search vendor "Qualcomm" for product "Sd 435"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sd 450 Firmware Search vendor "Qualcomm" for product "Sd 450 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sd 450 Search vendor "Qualcomm" for product "Sd 450"	-	-	Safe

1 - 10 of 24