CVE-2024-54982

Vulnerability Description

An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message. NOTE: Quectel disputes this because the issue is in the chipset supply chain and is not localized to one or more Quectel products.

References

https://github.com/haroldfeng/nbiot-va/blob/master/Quectel_BC25_Subscriber_Auth_

FAQ

What is CVE-2024-54982?

CVE-2024-54982 is a documented vulnerability. An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message. NOTE: Quectel disputes this because the issue is in the chipset supply ...

How severe is CVE-2024-54982?

CVSS scoring is not yet available for CVE-2024-54982. Check NVD for updates.

Is there a patch for CVE-2024-54982?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.