CVE-2022-25674

moderate-risk

Published 2022-11-15

Cryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Do I need to act?

0.29% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (16)

Ar8031 Firmware

Csra6620 Firmware

Csra6640 Firmware

Mdm9205 Firmware

Qca4004 Firmware

Qca4010 Firmware

Qca4020 Firmware

Qca4024 Firmware

Qcs405 Firmware

Wcd9306 Firmware

Wcd9335 Firmware

Wcn3980 Firmware

Wcn3998 Firmware

Wcn3999 Firmware

Wsa8810 Firmware

Wsa8815 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/november-2022-bullet...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 18/34 · Moderate