CVE-2020-11117
CRITICALQualcomm IPQ4019/IPQ6018/IPQ8064/IPQ8074/QCA4531/QCA9531/QCA9980 Firmware - RCE via lbd Service Debug Command
Title source: llmDescription
u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980
References (2)
Core 2
Core References
Broken Link x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
Exploit, Third Party Advisory x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065
Scores
CVSS v3
9.8
EPSS
0.0359
EPSS Percentile
87.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (7)
qualcomm/ipq4019_firmware
qualcomm/ipq6018_firmware
qualcomm/ipq8064_firmware
qualcomm/ipq8074_firmware
qualcomm/qca4531_firmware
qualcomm/qca9531_firmware
qualcomm/qca9980_firmware
Published
Sep 08, 2020
Tracked Since
Feb 18, 2026