CVE-2018-11922

CRITICAL

9.8

Descricao

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado11/26/2024

Ultima modificacao1/9/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

qualcomm:215qualcomm:215_firmwarequalcomm:mdm9206qualcomm:mdm9206_firmwarequalcomm:mdm9607qualcomm:mdm9607_firmwarequalcomm:mdm9640qualcomm:mdm9640_firmwarequalcomm:mdm9650qualcomm:mdm9650_firmwarequalcomm:sd_205qualcomm:sd_205_firmwarequalcomm:sd_210qualcomm:sd_210_firmwarequalcomm:sd_212qualcomm:sd_212_firmwarequalcomm:sd_425qualcomm:sd_425_firmwarequalcomm:sd_427qualcomm:sd_427_firmwarequalcomm:sd_429qualcomm:sd_429_firmwarequalcomm:sd_430qualcomm:sd_430_firmwarequalcomm:sd_435qualcomm:sd_435_firmwarequalcomm:sd_439qualcomm:sd_439_firmwarequalcomm:sd_450qualcomm:sd_450_firmwarequalcomm:sd_625qualcomm:sd_625_firmwarequalcomm:sd_632qualcomm:sd_632_firmwarequalcomm:sd_845qualcomm:sd_845_firmwarequalcomm:sd_850qualcomm:sd_850_firmwarequalcomm:sda660qualcomm:sda660_firmwarequalcomm:sdm439qualcomm:sdm439_firmwarequalcomm:sdx20qualcomm:sdx20_firmware

Fraquezas (CWE)

CWE-16

Referencias

https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html(product-security@qualcomm.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.