Improper Handling of Deauth/Disassoc Frames in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, and other Qualcomm Products

Improper Handling of Deauth/Disassoc Frames in Snapdragon Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, and other Qualcomm Products

CVE-2020-3615 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to improper enum values used to check the frame subtype in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8009, APQ8053, APQ8096AU, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SC8180X, SDM630, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130

Learn more about our Industrial Pen Testing.