Memory Corruption in IMS while calling VoLTE Streamingmedia Interface
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L | 1.4 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | asr1806_firmware | * |
| asrmicro | asr1803_firmware | * |
Security best practices violations, a string operation in Streamingmedia will write past the end of fixed-size destination buffer if the source buffer is too large.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L | 1.4 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | asr1806_firmware | cp01.057.063 |
| asrmicro | asr1803_firmware | cp01.057.063 |
Memory Corruption in SIM management while USIMPhase2init
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 7.2 | HIGH | CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:H/A:H | 0.7 | 6.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | asr1806_firmware | cp01.057.063 |
| asrmicro | asr1803_firmware | cp01.057.063 |
In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 5.8 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H | 1.3 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | asr3602_firmware | * |
| asrmicro | asr1806_firmware | * |
| asrmicro | asr1803_firmware | * |
| asrmicro | asr1603_firmware | * |
| asrmicro | asr3603_firmware | * |
| asrmicro | asr1803sc_firmware | * |
| asrmicro | asr1602_firmware | * |
| asrmicro | asr3605_firmware | * |
| asrmicro | asr1606_firmware | * |
| asrmicro | asr1605_firmware | * |
| asrmicro | asr1609_firmware | * |
| asrmicro | asr3607_firmware | * |
| asrmicro | asr1607_firmware | * |
Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 7.2 | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H | 1.3 | 5.3 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | asr3602_firmware | * |
| asrmicro | asr1806_firmware | * |
| asrmicro | asr1803_firmware | * |
| asrmicro | asr1603_firmware | * |
| asrmicro | asr3603_firmware | * |
| asrmicro | asr1803sc_firmware | * |
| asrmicro | asr1602_firmware | * |
| asrmicro | asr3605_firmware | * |
| asrmicro | asr1606_firmware | * |
| asrmicro | asr1605_firmware | * |
| asrmicro | asr1609_firmware | * |
| asrmicro | asr3607_firmware | * |
| asrmicro | asr1607_firmware | * |
A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 6.6 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H | 2.1 | 4.0 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | asr3602_firmware | * |
| asrmicro | asr1806_firmware | * |
| asrmicro | asr1803_firmware | * |
| asrmicro | asr1603_firmware | * |
| asrmicro | asr3603_firmware | * |
| asrmicro | asr1803sc_firmware | * |
| asrmicro | asr1602_firmware | * |
| asrmicro | asr3605_firmware | * |
| asrmicro | asr1606_firmware | * |
| asrmicro | asr1605_firmware | * |
| asrmicro | asr1609_firmware | * |
| asrmicro | asr3607_firmware | * |
| asrmicro | asr1607_firmware | * |
An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 4.0 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L | 0.9 | 2.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | asr3602_firmware | * |
| asrmicro | asr1806_firmware | * |
| asrmicro | asr1803_firmware | * |
| asrmicro | asr1603_firmware | * |
| asrmicro | asr3603_firmware | * |
| asrmicro | asr1803sc_firmware | * |
| asrmicro | asr1602_firmware | * |
| asrmicro | asr3605_firmware | * |
| asrmicro | asr1606_firmware | * |
| asrmicro | asr1605_firmware | * |
| asrmicro | asr1609_firmware | * |
| asrmicro | asr3607_firmware | * |
| asrmicro | asr1607_firmware | * |
In huge memory get unmapped area check, code can never be reached because of a logical contradiction.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 6.1 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H | 0.9 | 4.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | asr3602_firmware | * |
| asrmicro | asr1806_firmware | * |
| asrmicro | asr1803_firmware | * |
| asrmicro | asr1603_firmware | * |
| asrmicro | asr3603_firmware | * |
| asrmicro | asr1803sc_firmware | * |
| asrmicro | asr1602_firmware | * |
| asrmicro | asr3605_firmware | * |
| asrmicro | asr1606_firmware | * |
| asrmicro | asr1605_firmware | * |
| asrmicro | asr1609_firmware | * |
| asrmicro | asr3607_firmware | * |
| asrmicro | asr1607_firmware | * |
Out-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 7.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L | 3.1 | 3.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pbwork-queue.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr098.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr069_uci.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router components allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pb.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr components) allows Resource Leak Exposure. This vulnerability is associated with program files con_mgr/dialer_task.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |
Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. This vulnerability is associated with program files router/sms/sms.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is associated with program files traffic_stat/traffic_service/traffic_service.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |
Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun. This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 7.4 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L | 3.1 | 3.7 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |
Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 68630edc-a58c-4cbd-9b01-0e130455c8ae | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L | 2.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| asrmicro | kestrel | * |
| asrmicro | lapwing_linux | * |
| asrmicro | falcon_linux | * |