CVE-2023-33019

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows an attacker to cause a denial-of-service (DoS) condition in WLAN hosts by sending malformed Channel Switch Announcement (CSA) frames with invalid channel information. It affects mobile stations and wireless access points using Qualcomm WLAN chipsets, potentially disrupting wireless connectivity for affected devices.

💻 Affected Systems

Products:

• Qualcomm WLAN chipsets and devices using them

Versions: Specific affected versions not publicly detailed in advisory

Operating Systems: Android, Linux, and other OS using Qualcomm WLAN drivers

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices when CSA functionality is enabled, which is common in enterprise and dense wireless environments.

📦 What is this software?

205 Firmware by Qualcomm

View all CVEs affecting 205 Firmware →

215 Firmware by Qualcomm

View all CVEs affecting 215 Firmware →

9206 Lte Firmware by Qualcomm

View all CVEs affecting 9206 Lte Firmware →

Apq8017 Firmware by Qualcomm

View all CVEs affecting Apq8017 Firmware →

Apq8052 Firmware by Qualcomm

View all CVEs affecting Apq8052 Firmware →

Apq8056 Firmware by Qualcomm

View all CVEs affecting Apq8056 Firmware →

Apq8076 Firmware by Qualcomm

View all CVEs affecting Apq8076 Firmware →

Ar8031 Firmware by Qualcomm

View all CVEs affecting Ar8031 Firmware →

C V2x 9150 Firmware by Qualcomm

View all CVEs affecting C V2x 9150 Firmware →

Csra6620 Firmware by Qualcomm

View all CVEs affecting Csra6620 Firmware →

Csra6640 Firmware by Qualcomm

View all CVEs affecting Csra6640 Firmware →

Fastconnect 6200 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6200 Firmware →

Home Hub 100 Firmware by Qualcomm

View all CVEs affecting Home Hub 100 Firmware →

Mdm9250 Firmware by Qualcomm

View all CVEs affecting Mdm9250 Firmware →

Mdm9628 Firmware by Qualcomm

View all CVEs affecting Mdm9628 Firmware →

Mdm9650 Firmware by Qualcomm

View all CVEs affecting Mdm9650 Firmware →

Msm8108 Firmware by Qualcomm

View all CVEs affecting Msm8108 Firmware →

Msm8209 Firmware by Qualcomm

View all CVEs affecting Msm8209 Firmware →

Msm8608 Firmware by Qualcomm

View all CVEs affecting Msm8608 Firmware →

Msm8909w Firmware by Qualcomm

View all CVEs affecting Msm8909w Firmware →

Msm8996au Firmware by Qualcomm

View all CVEs affecting Msm8996au Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6175a Firmware by Qualcomm

View all CVEs affecting Qca6175a Firmware →

Qca6554a Firmware by Qualcomm

View all CVEs affecting Qca6554a Firmware →

Qca6564a Firmware by Qualcomm

View all CVEs affecting Qca6564a Firmware →

Qca6564au Firmware by Qualcomm

View all CVEs affecting Qca6564au Firmware →

Qca6574 Firmware by Qualcomm

View all CVEs affecting Qca6574 Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6574au Firmware by Qualcomm

View all CVEs affecting Qca6574au Firmware →

Qca6584 Firmware by Qualcomm

View all CVEs affecting Qca6584 Firmware →

Qca6584au Firmware by Qualcomm

View all CVEs affecting Qca6584au Firmware →

Qca6595 Firmware by Qualcomm

View all CVEs affecting Qca6595 Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca9367 Firmware by Qualcomm

View all CVEs affecting Qca9367 Firmware →

Qca9377 Firmware by Qualcomm

View all CVEs affecting Qca9377 Firmware →

Qca9379 Firmware by Qualcomm

View all CVEs affecting Qca9379 Firmware →

Sd626 Firmware by Qualcomm

View all CVEs affecting Sd626 Firmware →

Sdm429w Firmware by Qualcomm

View all CVEs affecting Sdm429w Firmware →

Sdx20m Firmware by Qualcomm

View all CVEs affecting Sdx20m Firmware →

Smart Audio 200 Firmware by Qualcomm

View all CVEs affecting Smart Audio 200 Firmware →

Smart Audio 400 Firmware by Qualcomm

View all CVEs affecting Smart Audio 400 Firmware →

Smart Display 200 Firmware by Qualcomm

View all CVEs affecting Smart Display 200 Firmware →

Snapdragon 1200 Firmware by Qualcomm

View all CVEs affecting Snapdragon 1200 Firmware →

Snapdragon 208 Firmware by Qualcomm

View all CVEs affecting Snapdragon 208 Firmware →

Snapdragon 210 Firmware by Qualcomm

View all CVEs affecting Snapdragon 210 Firmware →

Snapdragon 212 Firmware by Qualcomm

View all CVEs affecting Snapdragon 212 Firmware →

Snapdragon 425 Firmware by Qualcomm

View all CVEs affecting Snapdragon 425 Firmware →

Snapdragon 429 Firmware by Qualcomm

View all CVEs affecting Snapdragon 429 Firmware →

Snapdragon 439 Firmware by Qualcomm

View all CVEs affecting Snapdragon 439 Firmware →

Snapdragon 450 Firmware by Qualcomm

View all CVEs affecting Snapdragon 450 Firmware →

Snapdragon 617 Firmware by Qualcomm

View all CVEs affecting Snapdragon 617 Firmware →

Snapdragon 625 Firmware by Qualcomm

View all CVEs affecting Snapdragon 625 Firmware →

Snapdragon 626 Firmware by Qualcomm

View all CVEs affecting Snapdragon 626 Firmware →

Snapdragon 632 Firmware by Qualcomm

View all CVEs affecting Snapdragon 632 Firmware →

Snapdragon 650 Firmware by Qualcomm

View all CVEs affecting Snapdragon 650 Firmware →

Snapdragon 652 Firmware by Qualcomm

View all CVEs affecting Snapdragon 652 Firmware →

Snapdragon 653 Firmware by Qualcomm

View all CVEs affecting Snapdragon 653 Firmware →

Snapdragon 820 Firmware by Qualcomm

View all CVEs affecting Snapdragon 820 Firmware →

Snapdragon Auto 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Firmware →

Snapdragon Wear 2100 Firmware by Qualcomm

View all CVEs affecting Snapdragon Wear 2100 Firmware →

Snapdragon Wear 2500 Firmware by Qualcomm

View all CVEs affecting Snapdragon Wear 2500 Firmware →

Snapdragon Wear 3100 Firmware by Qualcomm

View all CVEs affecting Snapdragon Wear 3100 Firmware →

Snapdragon Wear 4100\+ Firmware by Qualcomm

View all CVEs affecting Snapdragon Wear 4100\+ Firmware →

Snapdragon X12 Lte Firmware by Qualcomm

View all CVEs affecting Snapdragon X12 Lte Firmware →

Snapdragon X20 Lte Firmware by Qualcomm

View all CVEs affecting Snapdragon X20 Lte Firmware →

Snapdragon X5 Lte Firmware by Qualcomm

View all CVEs affecting Snapdragon X5 Lte Firmware →

Vision Intelligence 100 Firmware by Qualcomm

View all CVEs affecting Vision Intelligence 100 Firmware →

Vision Intelligence 200 Firmware by Qualcomm

View all CVEs affecting Vision Intelligence 200 Firmware →

Wcd9326 Firmware by Qualcomm

View all CVEs affecting Wcd9326 Firmware →

Wcd9330 Firmware by Qualcomm

View all CVEs affecting Wcd9330 Firmware →

Wcd9335 Firmware by Qualcomm

View all CVEs affecting Wcd9335 Firmware →

Wcn3610 Firmware by Qualcomm

View all CVEs affecting Wcn3610 Firmware →

Wcn3615 Firmware by Qualcomm

View all CVEs affecting Wcn3615 Firmware →

Wcn3620 Firmware by Qualcomm

View all CVEs affecting Wcn3620 Firmware →

Wcn3660 Firmware by Qualcomm

View all CVEs affecting Wcn3660 Firmware →

Wcn3660b Firmware by Qualcomm

View all CVEs affecting Wcn3660b Firmware →

Wcn3680 Firmware by Qualcomm

View all CVEs affecting Wcn3680 Firmware →

Wcn3680b Firmware by Qualcomm

View all CVEs affecting Wcn3680b Firmware →

Wcn3980 Firmware by Qualcomm

View all CVEs affecting Wcn3980 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete wireless network disruption causing extended downtime for all affected devices, potentially affecting critical infrastructure or business operations.

🟠

Likely Case

Temporary wireless connectivity loss for individual devices or small groups of devices, requiring reboots or reconnections.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring, potentially brief connectivity interruptions.

🌐 Internet-Facing: MEDIUM - Attackers could target wireless networks from nearby locations, but requires proximity and specific wireless conditions.

🏢 Internal Only: MEDIUM - Internal attackers or compromised devices could disrupt wireless connectivity within the organization.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires wireless proximity and ability to transmit crafted CSA frames, but no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to September 2023 Qualcomm security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset versions. 2. Obtain firmware/driver updates from device manufacturer. 3. Apply updates following manufacturer instructions. 4. Reboot affected devices.

🔧 Temporary Workarounds

Disable CSA functionality

all

Prevent channel switching announcements if not required in your environment

Copy

# Configuration varies by device/wireless controller
# Consult vendor documentation for CSA disable commands

Network segmentation

all

Isolate critical wireless networks from general access networks

Copy

# Implement VLAN segmentation
# Use separate SSIDs for critical vs general use

🧯 If You Can't Patch

• Implement wireless intrusion detection/prevention systems to detect CSA attacks
• Monitor wireless networks for unusual CSA activity and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Copy

Check device specifications against Qualcomm's affected chipset list in September 2023 bulletin

Check Version:

Copy

# Command varies by device: adb shell getprop ro.build.fingerprint (Android) or lspci -v (Linux)

Verify Fix Applied:

Copy

Verify firmware/driver version matches patched versions listed in manufacturer updates

📡 Detection & Monitoring

Log Indicators:

• Wireless driver crashes
• Unexpected channel switching events
• Increased disconnection logs

Network Indicators:

• Unusual CSA frame patterns
• Multiple devices disconnecting simultaneously
• Abnormal channel switching

SIEM Query:

Copy

wireless AND (disconnect OR crash) AND timeframe(5m) count > threshold

📊 Metadata

CVE ID: CVE-2023-33019

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-285

Published: September 5, 2023

Last Updated: November 21, 2024

🔗 References

• https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Patch,Vendor Advisory
• https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin Patch,Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-33019, you might also want to check these:

CVE-2025-65041 10.0

CVE-2025-65041 is an improper authorization vulnerability in Microsoft Partner Center that allows un...

Same vulnerability type (CWE-285)

CVE-2021-37705 10.0

CVE-2021-37705 is an authorization bypass vulnerability in OneFuzz that allows authenticated users f...

Same vulnerability type (CWE-285)

CVE-2023-33189 10.0

CVE-2023-33189 is an authorization bypass vulnerability in Pomerium identity-aware access proxy. Att...

Same vulnerability type (CWE-285)