CVE-2018-11922

CRITICAL

9.8

Description

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie11/26/2024

Derniere modification1/9/2025

Sourcenvd

Observations honeypot0

Produits affectes

qualcomm:215qualcomm:215_firmwarequalcomm:mdm9206qualcomm:mdm9206_firmwarequalcomm:mdm9607qualcomm:mdm9607_firmwarequalcomm:mdm9640qualcomm:mdm9640_firmwarequalcomm:mdm9650qualcomm:mdm9650_firmwarequalcomm:sd_205qualcomm:sd_205_firmwarequalcomm:sd_210qualcomm:sd_210_firmwarequalcomm:sd_212qualcomm:sd_212_firmwarequalcomm:sd_425qualcomm:sd_425_firmwarequalcomm:sd_427qualcomm:sd_427_firmwarequalcomm:sd_429qualcomm:sd_429_firmwarequalcomm:sd_430qualcomm:sd_430_firmwarequalcomm:sd_435qualcomm:sd_435_firmwarequalcomm:sd_439qualcomm:sd_439_firmwarequalcomm:sd_450qualcomm:sd_450_firmwarequalcomm:sd_625qualcomm:sd_625_firmwarequalcomm:sd_632qualcomm:sd_632_firmwarequalcomm:sd_845qualcomm:sd_845_firmwarequalcomm:sd_850qualcomm:sd_850_firmwarequalcomm:sda660qualcomm:sda660_firmwarequalcomm:sdm439qualcomm:sdm439_firmwarequalcomm:sdx20qualcomm:sdx20_firmware

Faiblesses (CWE)

CWE-16

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html(product-security@qualcomm.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.