Sign-up

ID

VAR-201608-0407


CVE

CVE-2014-9901


TITLE

Nexus 7 (2013) Run on device Android of Qualcomm Wi-Fi Service disruption in drivers (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-004194

DESCRIPTION

The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. Vendors have confirmed this vulnerability Android internal bug 28670333 and Qualcomm internal bug CR548711 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlService disruption through a specially crafted frame by a third party ( Device hang or reboot ) There is a possibility of being put into a state. GoogleNexus is a high-end mobile phone series powered by Google\342\200\231s original Android system. A denial of service vulnerability exists in GoogleNexus that could be exploited by a remote attacker to cause a denial of service. Google Nexus is prone to denial-of-service vulnerability. This issue is being tracked by Android Bug ID A-28670333

Trust: 2.52

sources: NVD: CVE-2014-9901 // JVNDB: JVNDB-2016-004194 // CNVD: CNVD-2016-06095 // BID: 92247 // VULMON: CVE-2014-9901

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06095

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:lteversion:6.0.1

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:2016-08-05

Trust: 0.8

vendor:googlemodel:nexusscope: - version: -

Trust: 0.6

vendor:googlemodel:androidscope:eqversion:6.0.1

Trust: 0.6

vendor:googlemodel:nexusscope:eqversion:7

Trust: 0.3

sources: CNVD: CNVD-2016-06095 // BID: 92247 // JVNDB: JVNDB-2016-004194 // CNNVD: CNNVD-201608-097 // NVD: CVE-2014-9901

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9901
value: HIGH

Trust: 1.0

NVD: CVE-2014-9901
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-06095
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201608-097
value: HIGH

Trust: 0.6

VULMON: CVE-2014-9901
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-9901
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-06095
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2014-9901
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-06095 // VULMON: CVE-2014-9901 // JVNDB: JVNDB-2016-004194 // CNNVD: CNNVD-201608-097 // NVD: CVE-2014-9901

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-004194 // NVD: CVE-2014-9901

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-097

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201608-097

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004194

PATCH
title:Android Security Bulletin-August 2016url:http://source.android.com/security/bulletin/2016-08-01.html
Trust: 0.8
title:wlan: Replace snprintf with scnprintfurl:https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde
Trust: 0.8
title:GoogleNexus denial of service vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/80131
Trust: 0.6
title:Android on Nexus Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63489
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—August 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=1c52474e34daae48915f8b4129072a86
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06095 // 
            
            
            
            VULMON: CVE-2014-9901 // 
            
            
            
            JVNDB: JVNDB-2016-004194 // 
            
            
            
            CNNVD: CNNVD-201608-097

EXTERNAL IDS
db:NVDid:CVE-2014-9901
Trust: 3.4
db:BIDid:92247
Trust: 2.0
db:JVNDBid:JVNDB-2016-004194
Trust: 0.8
db:CNVDid:CNVD-2016-06095
Trust: 0.6
db:CNNVDid:CNNVD-201608-097
Trust: 0.6
db:VULMONid:CVE-2014-9901
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06095 // 
            
            
            
            VULMON: CVE-2014-9901 // 
            
            
            
            BID: 92247 // 
            
            
            
            JVNDB: JVNDB-2016-004194 // 
            
            
            
            CNNVD: CNNVD-201608-097 // 
            
            
            
            NVD: CVE-2014-9901

REFERENCES
url:http://source.android.com/security/bulletin/2016-08-01.html
Trust: 2.1
url:https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde
Trust: 2.0
url:http://www.securityfocus.com/bid/92247
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9901
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9901
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/284.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06095 // 
            
            
            
            VULMON: CVE-2014-9901 // 
            
            
            
            BID: 92247 // 
            
            
            
            JVNDB: JVNDB-2016-004194 // 
            
            
            
            CNNVD: CNNVD-201608-097 // 
            
            
            
            NVD: CVE-2014-9901

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 92247

SOURCES
db:CNVDid:CNVD-2016-06095
db:VULMONid:CVE-2014-9901
db:BIDid:92247
db:JVNDBid:JVNDB-2016-004194
db:CNNVDid:CNNVD-201608-097
db:NVDid:CVE-2014-9901

LAST UPDATE DATE
2025-04-12T23:25:45.672000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-06095date:2016-08-08T00:00:00
db:VULMONid:CVE-2014-9901date:2016-11-28T00:00:00
db:BIDid:92247date:2016-08-01T00:00:00
db:JVNDBid:JVNDB-2016-004194date:2016-08-10T00:00:00
db:CNNVDid:CNNVD-201608-097date:2016-08-09T00:00:00
db:NVDid:CVE-2014-9901date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-06095date:2016-08-08T00:00:00
db:VULMONid:CVE-2014-9901date:2016-08-05T00:00:00
db:BIDid:92247date:2016-08-01T00:00:00
db:JVNDBid:JVNDB-2016-004194date:2016-08-10T00:00:00
db:CNNVDid:CNNVD-201608-097date:2016-08-09T00:00:00
db:NVDid:CVE-2014-9901date:2016-08-05T20:59:00.197