CVE-2020-11117
Severity CVSS v4.0:
Pending analysis
Type:
CWE-77
Command Injection
Publication date:
08/09/2020
Last modified:
28/04/2022
Description
u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:qualcomm:qca4531_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:qca4531:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:qualcomm:qca9980_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:qca9980:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page