Vulnerability Description
u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6574AU, QCS405, QCS610, QRB5165, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8250
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8009 Firmware | - |
| Qualcomm | Apq8009 | - |
| Qualcomm | Apq8017 Firmware | - |
| Qualcomm | Apq8017 | - |
| Qualcomm | Apq8053 Firmware | - |
| Qualcomm | Apq8053 | - |
| Qualcomm | Apq8096Au Firmware | - |
| Qualcomm | Apq8096Au | - |
| Qualcomm | Apq8098 Firmware | - |
| Qualcomm | Apq8098 | - |
| Qualcomm | Ipq4019 Firmware | - |
| Qualcomm | Ipq4019 | - |
| Qualcomm | Ipq6018 Firmware | - |
| Qualcomm | Ipq6018 | - |
| Qualcomm | Ipq8064 Firmware | - |
| Qualcomm | Ipq8064 | - |
| Qualcomm | Ipq8074 Firmware | - |
| Qualcomm | Ipq8074 | - |
| Qualcomm | Mdm9150 Firmware | - |
| Qualcomm | Mdm9150 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletiBroken Link
- https://www.qualcomm.com/company/product-security/bulletins/october-2020-securitVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletiBroken Link
FAQ
What is CVE-2020-3657?
CVE-2020-3657 is a vulnerability with a CVSS score of 9.8 (CRITICAL). u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in Snapdr...
How severe is CVE-2020-3657?
CVE-2020-3657 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-3657?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8009 Firmware, Qualcomm Apq8009, Qualcomm Apq8017 Firmware, Qualcomm Apq8017, Qualcomm Apq8053 Firmware.