Details of VAR-202503-0307

ID

VAR-202503-0307

CVE

CVE-2024-38426

TITLE

Authentication vulnerabilities in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2024-020278

DESCRIPTION

While processing the authentication message in UE, improper authentication may lead to information disclosure. 315 5g iot firmware, 9205 lte firmware, AR8035 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to authentication.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-38426 // JVNDB: JVNDB-2024-020278

AFFECTED PRODUCTS

vendor:	qualcomm	model:	snapdragon 480\+ 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcc711	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 6900	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 678	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 765g 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x62 5g-rf	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 6800	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 685 4g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3990	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 4 gen 1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x72 5g-rf	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8840	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	robotics rb2	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9367	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx80m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9341	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8 gen1 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs2290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x55 5g-rf	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9378	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 732g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 768g 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 8 gen 1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar8035	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn6274	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x35 5g-rf	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	smart audio 400	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qts110	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9628	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qfw7114	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x75 5g-rf	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon wear 1300	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon auto 4g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6391	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 690 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x70-rf	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6320	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sw5100p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx61	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sg4150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3910	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7861	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn6224	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7881	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon wear 4100\+	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 7800	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm4325	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	video collaboration vc1 platform	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 6700	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sw5100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	9205 lte	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7635	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 680 4g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qep8111	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csrb31024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6755	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	315 5g iot	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 662	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcc710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8635	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon w5\+ gen 1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9385	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx57m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9371	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 480 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 765 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x12 lte	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 835 mobile pc	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8845h	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9205s	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 460	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 695 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon auto 5g-rf	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8635p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs4490	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8650q	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x65 5g-rf	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 8 gen 3	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 870 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9306	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qfw7124	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6310	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 730g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon x5 lte	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9395	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8337	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm4490	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon auto 5g-rf gen 2	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx71m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 8657\+ 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8832	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	video collaboration vc3 platform	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	snapdragon 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6698aq	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fastconnect 6200	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn6024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7675p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca4004	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9326	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9340	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9330	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	315 5g iot	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fastconnect 6900	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6320	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csra6620	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6310	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6391	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fastconnect 6200	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csrb31024	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca4004	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fastconnect 7800	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6174a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9205s	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csra6640	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fastconnect 6800	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9628	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	fastconnect 6700	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ar8035	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	9205 lte	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-020278 // NVD: CVE-2024-38426

CVSS

SEVERITY

CVSSV2

CVSSV3

product-security@qualcomm.com:	CVE-2024-38426
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-38426
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-38426
value:	MEDIUM
Trust: 0.8

product-security@qualcomm.com:	CVE-2024-38426
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	2.5
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2024-38426
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2024-38426
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-020278 // NVD: CVE-2024-38426 // NVD: CVE-2024-38426

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Inappropriate authentication (CWE-287) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-020278 // NVD: CVE-2024-38426

EXTERNAL IDS

db:	NVD	id:	CVE-2024-38426	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-020278	Trust: 0.8

sources: JVNDB: JVNDB-2024-020278 // NVD: CVE-2024-38426

REFERENCES

url:	https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-38426	Trust: 0.8

sources: JVNDB: JVNDB-2024-020278 // NVD: CVE-2024-38426

SOURCES

db:	JVNDB	id:	JVNDB-2024-020278
db:	NVD	id:	CVE-2024-38426

LAST UPDATE DATE

2025-08-11T23:09:18.957000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-020278	date:	2025-03-12T06:33:00
db:	NVD	id:	CVE-2024-38426	date:	2025-08-11T15:06:17.607

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-020278	date:	2025-03-12T00:00:00
db:	NVD	id:	CVE-2024-38426	date:	2025-03-03T11:15:11.260