CVE-2024-33073

Q: What is the severity of CVE-2024-33073?

CVE-2024-33073 has a CVSS score of 8.2 (HIGH). This vulnerability allows attackers to read sensitive information from Wi-Fi chipsets when parsing Multi-Link Device (MLD) information elements. It affects devices with Qualcomm Wi-Fi chipsets that haven't been patched. The information disclosure could reveal network configuration details or device capabilities.

8.2 HIGH

📋 TL;DR

This vulnerability allows attackers to read sensitive information from Wi-Fi chipsets when parsing Multi-Link Device (MLD) information elements. It affects devices with Qualcomm Wi-Fi chipsets that haven't been patched. The information disclosure could reveal network configuration details or device capabilities.

💻 Affected Systems

Products:

Qualcomm Wi-Fi chipsets and devices using them

Versions: Specific affected versions not detailed in reference; check Qualcomm advisory for chipset-specific versions

Operating Systems: Any OS using vulnerable Qualcomm Wi-Fi drivers/firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm Wi-Fi chipsets that support Multi-Link Operation (MLO) features

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could extract sensitive network configuration data, device capabilities, or potentially use the disclosed information to facilitate further attacks on the wireless network.

🟠

Likely Case

Information disclosure revealing BSS parameter change counts and MLD capabilities, which could help attackers profile networks or devices.

🟢

If Mitigated

Limited impact with proper network segmentation and monitoring, though information disclosure still occurs.

🌐 Internet-Facing: MEDIUM - Requires proximity to wireless networks but doesn't require authentication to the network itself.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this to gather network intelligence within wireless range.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires wireless proximity and knowledge of Wi-Fi protocol parsing vulnerabilities

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Qualcomm October 2024 security bulletin for chipset-specific patches

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for your specific chipset model. 2. Obtain updated firmware/drivers from device manufacturer. 3. Apply patches following manufacturer instructions. 4. Reboot affected devices.

🔧 Temporary Workarounds

Disable Multi-Link Operation

all

If supported, disable MLO/MLD features to prevent parsing of vulnerable information elements

Device-specific configuration commands vary by manufacturer

Network Segmentation

all

Segment wireless networks to limit exposure of sensitive devices

🧯 If You Can't Patch

Implement strict network monitoring for unusual Wi-Fi traffic patterns
Consider replacing affected hardware with patched versions if critical systems are vulnerable

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Qualcomm Wi-Fi chipsets and compare against Qualcomm's October 2024 security bulletin

Check Version:

Device-specific commands vary; typically 'iwconfig', 'ip link show', or manufacturer-specific tools

Verify Fix Applied:

Verify firmware/driver versions match patched versions listed in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

Unusual Wi-Fi driver/firmware errors
MLD/BSS parameter parsing failures

Network Indicators:

Abnormal MLD information element traffic
Unexpected BSS parameter change broadcasts

SIEM Query:

Search for Wi-Fi driver crashes, MLD parsing errors, or Qualcomm chipset-specific error codes

📊 Metadata

CVE ID: CVE-2024-33073

CVSS v3 Score: 8.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CWE: CWE-126

Published: October 7, 2024

Last Updated: August 11, 2025

🔗 References

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Fastconnect 6700 Firmware by Qualcomm

Fastconnect 6900 Firmware by Qualcomm

Fastconnect 7800 Firmware by Qualcomm

Flight Rb5 5g Platform Firmware by Qualcomm

Immersive Home 214 Platform Firmware by Qualcomm

Immersive Home 216 Platform Firmware by Qualcomm

Immersive Home 316 Platform Firmware by Qualcomm

Immersive Home 318 Platform Firmware by Qualcomm

Immersive Home 3210 Platform Firmware by Qualcomm

Immersive Home 326 Platform Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq5300 Firmware by Qualcomm

Ipq5302 Firmware by Qualcomm

Ipq5312 Firmware by Qualcomm

Ipq5332 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Ipq9008 Firmware by Qualcomm

Ipq9554 Firmware by Qualcomm

Ipq9570 Firmware by Qualcomm

Ipq9574 Firmware by Qualcomm

Qam8255p Firmware by Qualcomm

Qam8295p Firmware by Qualcomm

Qam8620p Firmware by Qualcomm

Qam8650p Firmware by Qualcomm

Qam8775p Firmware by Qualcomm

Qamsrv1h Firmware by Qualcomm

Qamsrv1m Firmware by Qualcomm

Qca0000 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6678aq Firmware by Qualcomm

Qca6688aq Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca6698aq Firmware by Qualcomm

Qca6797aq Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8082 Firmware by Qualcomm

Qca8084 Firmware by Qualcomm

Qca8085 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca8386 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qcc2073 Firmware by Qualcomm

Qcc2076 Firmware by Qualcomm

Qcc710 Firmware by Qualcomm

Qcf8000 Firmware by Qualcomm

Qcf8001 Firmware by Qualcomm

Qcm5430 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcm8550 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm