CVE-2021-1887

Q: What is the severity of CVE-2021-1887?

CVE-2021-1887 has a CVSS score of 7.5 (HIGH). This vulnerability in Qualcomm Snapdragon chipsets allows attackers to trigger a denial-of-service condition via the Wi-Fi Fine Timing Measurement protocol. It affects networking infrastructure devices using vulnerable Snapdragon components. Successful exploitation could crash the WLAN subsystem.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Qualcomm Snapdragon chipsets allows attackers to trigger a denial-of-service condition via the Wi-Fi Fine Timing Measurement protocol. It affects networking infrastructure devices using vulnerable Snapdragon components. Successful exploitation could crash the WLAN subsystem.

💻 Affected Systems

Products:

Qualcomm Snapdragon Wired Infrastructure and Networking chipsets

Versions: Specific affected versions detailed in Qualcomm advisory

Operating Systems: Embedded systems using affected Snapdragon chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Requires Wi-Fi Fine Timing Measurement protocol to be enabled/used

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service on affected networking devices, disrupting Wi-Fi connectivity and potentially requiring physical intervention to restore functionality.

🟠

Likely Case

Temporary Wi-Fi service disruption on affected devices, potentially affecting multiple connected clients until system recovery.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, potentially isolated to specific network segments.

🌐 Internet-Facing: MEDIUM - Requires proximity to Wi-Fi network but could affect internet-facing access points.

🏢 Internal Only: MEDIUM - Internal Wi-Fi infrastructure could be disrupted by attackers with network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires proximity to Wi-Fi network and knowledge of FTM protocol manipulation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patches available through Qualcomm component updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

Restart Required: Yes

Instructions:

1. Contact device manufacturer for firmware updates 2. Apply Qualcomm-provided patches 3. Reboot affected devices

🔧 Temporary Workarounds

Disable Wi-Fi FTM

all

Disable Fine Timing Measurement protocol if not required

Device-specific configuration commands vary by manufacturer

🧯 If You Can't Patch

Segment affected devices on isolated network segments
Implement strict access controls to limit who can connect to Wi-Fi networks

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's patched versions

Check Version:

Device-specific command (varies by manufacturer)

Verify Fix Applied:

Verify firmware version matches patched version from manufacturer

📡 Detection & Monitoring

Log Indicators:

Unexpected WLAN subsystem crashes
Wi-Fi service restarts

Network Indicators:

Unusual FTM protocol traffic patterns
Wi-Fi connectivity disruptions

SIEM Query:

Search for WLAN subsystem error messages or service restarts

📊 Metadata

CVE ID: CVE-2021-1887

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-617

Published: July 13, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar7420 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8069 Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6428 Firmware by Qualcomm

Qca6438 Firmware by Qualcomm

Qca7500 Firmware by Qualcomm

Qca7520 Firmware by Qualcomm

Qca7550 Firmware by Qualcomm

Qca9531 Firmware by Qualcomm

Qca9558 Firmware by Qualcomm

Qca9561 Firmware by Qualcomm

Qca9563 Firmware by Qualcomm

Qca9880 Firmware by Qualcomm

Qca9882 Firmware by Qualcomm

Qca9887 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qca9896 Firmware by Qualcomm

Qca9898 Firmware by Qualcomm

Qca9980 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qca9990 Firmware by Qualcomm

Qca9992 Firmware by Qualcomm

Qca9994 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5054 Firmware by Qualcomm

Qcn5501 Firmware by Qualcomm

Qcn5502 Firmware by Qualcomm