9.8
CRITICAL
CVE-2020-3669
Snapdragon WLAN Buffer Overflow Vulnerability
Description

u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130

INFO

Published Date :

Sept. 8, 2020, 10:15 a.m.

Last Modified :

Nov. 21, 2024, 5:31 a.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
Public PoC/Exploit Available at Github

CVE-2020-3669 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2020-3669 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Qualcomm qca6390_firmware
2 Qualcomm ipq6018_firmware
3 Qualcomm ipq8074_firmware
4 Qualcomm qca8081_firmware
5 Qualcomm sdm660_firmware
6 Qualcomm sm8150_firmware
7 Qualcomm sm8250_firmware
8 Qualcomm sa415m_firmware
9 Qualcomm ipq5018_firmware
10 Qualcomm qcs605_firmware
11 Qualcomm qcs405_firmware
12 Qualcomm qcn7605_firmware
13 Qualcomm apq8098_firmware
14 Qualcomm msm8998_firmware
15 Qualcomm qcs404_firmware
16 Qualcomm sc7180_firmware
17 Qualcomm sc8180x_firmware
18 Qualcomm sda845_firmware
19 Qualcomm sdm845_firmware
20 Qualcomm sdm670_firmware
21 Qualcomm sdm710_firmware
22 Qualcomm sdm850_firmware
23 Qualcomm sm6150_firmware
24 Qualcomm sm7150_firmware
25 Qualcomm sdm630_firmware
26 Qualcomm sdm636_firmware
27 Qualcomm sxr1130_firmware
28 Qualcomm rennell_firmware
29 Qualcomm nicobar_firmware
30 Qualcomm kamorta_firmware
31 Qualcomm qca6390
32 Qualcomm qcs405
33 Qualcomm qcs605
34 Qualcomm sa415m
35 Qualcomm sdm630
36 Qualcomm ipq6018
37 Qualcomm ipq8074
38 Qualcomm qca8081
39 Qualcomm qcn7605
40 Qualcomm ipq5018
41 Qualcomm apq8098
42 Qualcomm kamorta
43 Qualcomm msm8998
44 Qualcomm nicobar
45 Qualcomm qcs404
46 Qualcomm rennell
47 Qualcomm sc7180
48 Qualcomm sc8180x
49 Qualcomm sda845
50 Qualcomm sdm636
51 Qualcomm sdm660
52 Qualcomm sdm670
53 Qualcomm sdm710
54 Qualcomm sdm845
55 Qualcomm sdm850
56 Qualcomm sm6150
57 Qualcomm sm7150
58 Qualcomm sm8150
59 Qualcomm sm8250
60 Qualcomm sxr1130
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-3669.

URL Resource
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Broken Link Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Broken Link Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

CVE Data Analysis, CVE Monitor, CVE EXP Prediction Based on Deep Learning. 1999-2020年存量CVE数据分析、监控CVE增量更新、基于深度学习的CVE EXP预测和自动化推送

Python

Updated: 2 weeks, 4 days ago
176 stars 24 fork 24 watcher
Born at : June 15, 2020, 2:56 p.m. This repo has been linked 692 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2020-3669 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2020-3669 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Sep. 11, 2020

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin No Types Assigned https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin Broken Link, Vendor Advisory
    Added CWE NIST CWE-119
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:ipq5018_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:ipq5018:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:kamorta:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs404:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:rennell:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa415m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sda845:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdm670:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdm850:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.33 }} 0.09%

score

0.66841

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability