CVE-2017-18326

MEDIUM

Qualcomm Snapdragon Mobile and Wear Firmware - Exposure of Sensitive Cryptographic Keys in Modem Debug Messages

Title source: llm
STIX 2.1

Description

Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/106128

Scores

CVSS v3 5.5
EPSS 0.0005
EPSS Percentile 16.1%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (34)
qualcomm/mdm9607_firmware
qualcomm/mdm9615_firmware
qualcomm/mdm9625_firmware
qualcomm/mdm9635m_firmware
qualcomm/mdm9640_firmware
qualcomm/mdm9645_firmware
qualcomm/mdm9650_firmware
qualcomm/mdm9655_firmware
qualcomm/msm8909w_firmware
qualcomm/sd_205_firmware
... and 24 more
Published Jan 03, 2019
Tracked Since Feb 18, 2026