Vulnerability

CVE-2019-2289

Component: CELLULAR
Location: FIRMWARE
Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130

Impact

Severity (Manufact.)

N/A

Severity (NIST)

9.8

Severity (Android)

N/A

Chipsets

27

Devices

1377

Affected Hardware

NameAlso known asManufacturer
MSM8905
Qualcomm 205
Qualcomm
MSM8909
Snapdragon 210
Qualcomm
QM215
Qualcomm 215
Qualcomm
MSM8917
Snapdragon 425
Qualcomm
MSM8920
Snapdragon 427
Qualcomm
MSM8937
Snapdragon 430
Qualcomm
MSM8940
Snapdragon 435
Qualcomm
SDM429
Snapdragon 429
Qualcomm
SDM439
Snapdragon 439
Qualcomm
SDM450
Snapdragon 450
Qualcomm
27 of 27 row(s) shown.

Rows per page

Page 1 of 3

Timeline

Introduced (est):
Jan 1, 2014
Reported:
Dec 27, 2018
Advisory Published:
Oct 7, 2019
CVE Published:
Nov 21, 2019
Android Patch Level:
None
For more information and a detailed analysis of the data presented on this website, please see our paper, to be presented at NDSS'25.
Follow us on Twitter
Contact usData privacy policyImprint