Unknown
CVE-2019-2312
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
When handling the vendor command there exists a potential buffer overflow due to lack of input validation of data buffer received in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, MDM9640, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- mdm9607 firmware -,
- mdm9640 firmware -,
- msm8996au firmware -,
- qca6174a firmware -,
- qca6574au firmware -,
- qca9377 firmware -,
- qca9379 firmware -,
- qcs405 firmware -,
- qcs605 firmware -,
- sd 205 firmware -,
- sd 210 firmware -,
- sd 212 firmware -,
- sd 425 firmware -,
- sd 427 firmware -,
- sd 430 firmware -,
- sd 435 firmware -,
- sd 450 firmware -,
- sd 600 firmware -,
- sd 625 firmware -,
- sd 636 firmware -,
- sd 665 firmware -,
- sd 670 firmware -,
- sd 675 firmware -,
- sd 710 firmware -,
- sd 712 firmware -,
- sd 730 firmware -,
- sd 820 firmware -,
- sd 820a firmware -,
- sd 835 firmware -,
- sd 845 firmware -,
- sd 850 firmware -,
- sd 855 firmware -,
- sdm630 firmware -,
- sdm660 firmware -,
- sdx24 firmware -
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
