Sign-up

ID

VAR-202503-0307


CVE

CVE-2024-38426


TITLE

Authentication vulnerabilities in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2024-020278

DESCRIPTION

While processing the authentication message in UE, improper authentication may lead to information disclosure. 315 5g iot firmware, 9205 lte firmware, AR8035 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to authentication.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-38426 // JVNDB: JVNDB-2024-020278

AFFECTED PRODUCTS

vendor:クアルコムmodel:315 5g iotscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6900scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6320scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csra6620scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6310scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9640scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6391scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6200scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csrb31024scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca4004scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 7800scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8996auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6174ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9205sscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csra6640scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6800scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9628scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:fastconnect 6700scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ar8035scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:9205 ltescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-020278

CVSS

SEVERITY

CVSSV2

CVSSV3

product-security@qualcomm.com: CVE-2024-38426
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-38426
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-38426
value: MEDIUM

Trust: 0.8

product-security@qualcomm.com: CVE-2024-38426
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-38426
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2024-38426
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-020278 // NVD: CVE-2024-38426 // NVD: CVE-2024-38426

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-020278 // NVD: CVE-2024-38426

EXTERNAL IDS

db:NVDid:CVE-2024-38426

Trust: 2.6

db:JVNDBid:JVNDB-2024-020278

Trust: 0.8

sources: JVNDB: JVNDB-2024-020278 // NVD: CVE-2024-38426

REFERENCES

url:https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-38426

Trust: 0.8

sources: JVNDB: JVNDB-2024-020278 // NVD: CVE-2024-38426

SOURCES

db:JVNDBid:JVNDB-2024-020278
db:NVDid:CVE-2024-38426

LAST UPDATE DATE

2025-03-13T22:56:14.665000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-020278date:2025-03-12T06:33:00
db:NVDid:CVE-2024-38426date:2025-03-06T15:21:24.387

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-020278date:2025-03-12T00:00:00
db:NVDid:CVE-2024-38426date:2025-03-03T11:15:11.260