← Back to CVEs
CVE-2018-11922
CRITICAL9.8
Description
Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/26/2024
Last Modified1/9/2025
Sourcenvd
Honeypot Sightings0
Affected Products
qualcomm:215qualcomm:215_firmwarequalcomm:mdm9206qualcomm:mdm9206_firmwarequalcomm:mdm9607qualcomm:mdm9607_firmwarequalcomm:mdm9640qualcomm:mdm9640_firmwarequalcomm:mdm9650qualcomm:mdm9650_firmwarequalcomm:sd_205qualcomm:sd_205_firmwarequalcomm:sd_210qualcomm:sd_210_firmwarequalcomm:sd_212qualcomm:sd_212_firmwarequalcomm:sd_425qualcomm:sd_425_firmwarequalcomm:sd_427qualcomm:sd_427_firmwarequalcomm:sd_429qualcomm:sd_429_firmwarequalcomm:sd_430qualcomm:sd_430_firmwarequalcomm:sd_435qualcomm:sd_435_firmwarequalcomm:sd_439qualcomm:sd_439_firmwarequalcomm:sd_450qualcomm:sd_450_firmwarequalcomm:sd_625qualcomm:sd_625_firmwarequalcomm:sd_632qualcomm:sd_632_firmwarequalcomm:sd_845qualcomm:sd_845_firmwarequalcomm:sd_850qualcomm:sd_850_firmwarequalcomm:sda660qualcomm:sda660_firmwarequalcomm:sdm439qualcomm:sdm439_firmwarequalcomm:sdx20qualcomm:sdx20_firmware
Weaknesses (CWE)
CWE-16
References
https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html(product-security@qualcomm.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.