CVE-2018-13886

CVE Database · CVE-2018-13886

CVE-2018-13886

· N/AModified

CVSS v3.1

N/A

EPSS

1.11%

Published

May 24, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130

Weaknesses (CWE)

CWE-190

Affected Products (100)

qualcomm · mdm9150_firmwarevulnerable

qualcomm · mdm9150

qualcomm · mdm9206_firmwarevulnerable

qualcomm · mdm9206

qualcomm · mdm9607_firmwarevulnerable

qualcomm · mdm9607

qualcomm · mdm9615_firmwarevulnerable

qualcomm · mdm9615

qualcomm · mdm9635m_firmwarevulnerable

qualcomm · mdm9635m

qualcomm · mdm9640_firmwarevulnerable

· mdm9640

References (2)

https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-13886

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins#_CVE-2018-13886

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs