CVE-2021-1965

CRITICAL

Qualcomm Aqt1000 Firmware - Improper Input Validation

Title source: rule

Description

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Exploits (2)

inthewild

poc

https://github.com/parsdefense/cve-2021-1965

View on inthewild

inthewild WORKING POC

poc

https://github.com/foxtrot/cve-2021-1965

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

Scores

CVSS v3 9.8

EPSS 0.2745

EPSS Percentile 96.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-20 CWE-120

Status published

Products (50)

qualcomm/aqt1000_firmware

qualcomm/ar9380_firmware

qualcomm/csr8811_firmware

qualcomm/ipq4018_firmware

qualcomm/ipq4019_firmware

qualcomm/ipq4028_firmware

qualcomm/ipq4029_firmware

qualcomm/ipq5010_firmware

qualcomm/ipq5018_firmware

qualcomm/ipq5028_firmware

... and 40 more

Published Jul 13, 2021

Tracked Since Feb 18, 2026