CVE-2023-33105

HIGH

Qualcomm AR8035 and other Firmware - Denial of Service via Invalid Transaction Sequence Number

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-33105. PoCs published by D3adP3nguin.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-33105, a transient DoS vulnerability in Qualcomm WLAN Host and Firmware. The exploit sends malformed authentication frames with invalid transaction sequence numbers to disrupt target access points.

Description

Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.

Exploits (1)

nomisec WORKING POC 3 stars
by D3adP3nguin · poc
https://github.com/D3adP3nguin/CVE-2023-33105-Transient-DOS-in-WLAN-Host-and-Firmware

This repository contains a functional exploit for CVE-2023-33105, a transient DoS vulnerability in Qualcomm WLAN Host and Firmware. The exploit sends malformed authentication frames with invalid transaction sequence numbers to disrupt target access points.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Qualcomm WLAN Host and Firmware (affected versions not specified)
No auth needed
Prerequisites: Python 3.x · Scapy · Airodump-ng · Wireless network adapter capable of injection · Monitor mode enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0075
EPSS Percentile 50.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-16
Status published
Products (50)
qualcomm/ar8035_firmware
qualcomm/ar9380_firmware
qualcomm/csr8811_firmware
qualcomm/fastconnect_6700_firmware
qualcomm/fastconnect_6900_firmware
qualcomm/fastconnect_7800_firmware
qualcomm/flight_rb5_5g_firmware
qualcomm/immersive_home_214_firmware
qualcomm/immersive_home_216_firmware
qualcomm/immersive_home_316_firmware
... and 40 more
Published Mar 04, 2024
Tracked Since Feb 18, 2026