Security Center

NAVIGATOR

CVE ID	CVE-2024-32634
Title	Logically dead code
Description	In huge memory get unmapped area check, code can never be reached because of a logical contradiction.
Technology Area	Modem
Vulnerability Type	CWE561 Dead code
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	6.1
CVSS String	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:H
Affected Chipsets	ASR180x

CVE ID	CVE-2024-32633
Title	Unsigned compared against 0
Description	An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way.
Technology Area	Modem
Vulnerability Type	CWE-570 Expression is Always False
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	4
CVSS String	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
Affected Chipsets	ASR360x, ASR160x, ASR180x

CVE ID	CVE-2024-32632
Title	Printf arg type mismatch in ATCMD
Description	A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access
Technology Area	Modem
Vulnerability Type	CWE686 Function Call with Incorrrect Argument Type
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	6.6
CVSS String	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H
Affected Chipsets	ASR360x, ASR160x, ASR180x

CVE ID	CVE-2024-32631
Title	Out-of-bounds read in telephony
Description	In ciCCIOTOPT, out-of-bounds read from a buffer will cause incorrect computations.
Technology Area	Modem
Vulnerability Type	CWE-125 Out-of-bounds read
Security Rating	High
CVSS Rating	High
CVSS Score	7.2
CVSS String	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:H
Affected Chipsets	ASR360x, ASR160x, ASR180x

CVE ID	CVE-2024-32625
Title	Uninitialized scalar field
Description	In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations
Technology Area	Modem
Vulnerability Type	CWE-457 Use of Uninitialized Variable
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	5.8
CVSS String	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Chipsets	ASR360x, ASR160x, ASR180x

021-60336588

ASR WeChat

By Vthink

CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE ID	CVE-2023-24855
Title	Use of Out-of-range Pointer Offset in Modem
Description	Memory corruption in Modem while processing security related configuration before AS Security Exchange.