mdm8207 firmware · threatengine.sh

Home/Product/qualcomm mdm8207 firmware

Product

qualcomm mdm8207 firmware

110 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

Memory corruption during PlayReady APP usecase while processing TA commands.

Cryptographic issue while performing RSA PKCS padding decoding.

Memory corruption when allocating and accessing an entry in an SMEM partition continuously.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immedia

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Audio during playback with speaker protection.

Memory corruption in HLOS while running playready use-case.

Memory corruption while using the UIM diag command to get the operators name.

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Transient DOS due to improper authorization in Modem

Memory corruption due to double free in Core while mapping HLOS address to the list.

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

information disclosure due to cryptographic issue in Core during RPMB read request.

Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command le

Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.

Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request mes

Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length.

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.

Information disclosure due to buffer over-read in modem while reading configuration parameters.

Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in head

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding.

Information disclosure due to buffer over-read while parsing DNS response packets in Modem.

memory corruption in modem due to improper check while calculating size of serialized CoAP message

Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface

Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call

Information disclosure in modem due to missing NULL check while reading packets received from local network

Information disclosure in modem due to buffer over-read while processing packets from DNS server

Information disclosure in modem due to improper check of IP type while processing DNS server query

Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet

Memory correction in modem due to buffer overwrite during coap connection

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets.

Information disclosure in modem due to buffer over-red while performing checksum of packet received

Denial of service in modem due to missing null check while processing TCP or UDP packets from server

Denial of service in modem due to missing null check while processing IP packets with padding

Denial of service in modem due to null pointer dereference while processing DNS packets

Information disclosure in modem due to buffer over read in dns client due to missing length check

Information disclosure in modem due to buffer over-read while processing response from DNS server

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto,

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Sn

Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Ind

Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industria

Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Comp

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received

Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapd

Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute

Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice w

Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdr

Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, S

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto,

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Sn

Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Sna

Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto

Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapd

Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdra

Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Comput

A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivi

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdra

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Integer underflow can occur when the RTCP length is lesser than the actual blocks present in Snapdragon Auto, Snapdragon Comp

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto,

Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Comput

Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapd

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon

Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto,

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and r

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon A

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute,

Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdrag

Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Comp

Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insuffi

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in

Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapd

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for par

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffe

User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device loc

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction i

u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, S

u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at get

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin