CVE-2024-38426

5.4 MEDIUM

Authentication Bypass

📋 TL;DR

This vulnerability in Qualcomm UE (User Equipment) authentication processing allows improper authentication that could lead to information disclosure. It affects devices using Qualcomm chipsets with vulnerable firmware. Attackers could potentially access sensitive information from affected mobile devices.

💻 Affected Systems

Products:

• Qualcomm chipsets with vulnerable firmware

Versions: Specific versions not detailed in public advisory; refer to Qualcomm March 2025 bulletin

Operating Systems: Android and other mobile OS using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects mobile devices with Qualcomm chipsets; exact device models depend on firmware implementation

📦 What is this software?

205 Firmware by Qualcomm

View all CVEs affecting 205 Firmware →

215 Firmware by Qualcomm

View all CVEs affecting 215 Firmware →

315 5g Iot Firmware by Qualcomm

View all CVEs affecting 315 5g Iot Firmware →

9205 Lte Firmware by Qualcomm

View all CVEs affecting 9205 Lte Firmware →

Ar8035 Firmware by Qualcomm

View all CVEs affecting Ar8035 Firmware →

Csra6620 Firmware by Qualcomm

View all CVEs affecting Csra6620 Firmware →

Csra6640 Firmware by Qualcomm

View all CVEs affecting Csra6640 Firmware →

Csrb31024 Firmware by Qualcomm

View all CVEs affecting Csrb31024 Firmware →

Fastconnect 6200 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6200 Firmware →

Fastconnect 6700 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6700 Firmware →

Fastconnect 6800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6800 Firmware →

Fastconnect 6900 Firmware by Qualcomm

View all CVEs affecting Fastconnect 6900 Firmware →

Fastconnect 7800 Firmware by Qualcomm

View all CVEs affecting Fastconnect 7800 Firmware →

Mdm9205s Firmware by Qualcomm

View all CVEs affecting Mdm9205s Firmware →

Mdm9628 Firmware by Qualcomm

View all CVEs affecting Mdm9628 Firmware →

Mdm9640 Firmware by Qualcomm

View all CVEs affecting Mdm9640 Firmware →

Msm8996au Firmware by Qualcomm

View all CVEs affecting Msm8996au Firmware →

Qca4004 Firmware by Qualcomm

View all CVEs affecting Qca4004 Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6310 Firmware by Qualcomm

View all CVEs affecting Qca6310 Firmware →

Qca6320 Firmware by Qualcomm

View all CVEs affecting Qca6320 Firmware →

Qca6391 Firmware by Qualcomm

View all CVEs affecting Qca6391 Firmware →

Qca6564a Firmware by Qualcomm

View all CVEs affecting Qca6564a Firmware →

Qca6564au Firmware by Qualcomm

View all CVEs affecting Qca6564au Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6574au Firmware by Qualcomm

View all CVEs affecting Qca6574au Firmware →

Qca6584 Firmware by Qualcomm

View all CVEs affecting Qca6584 Firmware →

Qca6584au Firmware by Qualcomm

View all CVEs affecting Qca6584au Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca6698aq Firmware by Qualcomm

View all CVEs affecting Qca6698aq Firmware →

Qca8081 Firmware by Qualcomm

View all CVEs affecting Qca8081 Firmware →

Qca8337 Firmware by Qualcomm

View all CVEs affecting Qca8337 Firmware →

Qca9367 Firmware by Qualcomm

View all CVEs affecting Qca9367 Firmware →

Qca9377 Firmware by Qualcomm

View all CVEs affecting Qca9377 Firmware →

Qcc710 Firmware by Qualcomm

View all CVEs affecting Qcc710 Firmware →

Qcc711 Firmware by Qualcomm

View all CVEs affecting Qcc711 Firmware →

Qcm2150 Firmware by Qualcomm

View all CVEs affecting Qcm2150 Firmware →

Qcm2290 Firmware by Qualcomm

View all CVEs affecting Qcm2290 Firmware →

Qcm4290 Firmware by Qualcomm

View all CVEs affecting Qcm4290 Firmware →

Qcm4325 Firmware by Qualcomm

View all CVEs affecting Qcm4325 Firmware →

Qcm4490 Firmware by Qualcomm

View all CVEs affecting Qcm4490 Firmware →

Qcm6125 Firmware by Qualcomm

View all CVEs affecting Qcm6125 Firmware →

Qcn6024 Firmware by Qualcomm

View all CVEs affecting Qcn6024 Firmware →

Qcn6224 Firmware by Qualcomm

View all CVEs affecting Qcn6224 Firmware →

Qcn6274 Firmware by Qualcomm

View all CVEs affecting Qcn6274 Firmware →

Qcn9024 Firmware by Qualcomm

View all CVEs affecting Qcn9024 Firmware →

Qcs2290 Firmware by Qualcomm

View all CVEs affecting Qcs2290 Firmware →

Qcs410 Firmware by Qualcomm

View all CVEs affecting Qcs410 Firmware →

Qcs4290 Firmware by Qualcomm

View all CVEs affecting Qcs4290 Firmware →

Qcs4490 Firmware by Qualcomm

View all CVEs affecting Qcs4490 Firmware →

Qcs610 Firmware by Qualcomm

View all CVEs affecting Qcs610 Firmware →

Qcs6125 Firmware by Qualcomm

View all CVEs affecting Qcs6125 Firmware →

Qep8111 Firmware by Qualcomm

View all CVEs affecting Qep8111 Firmware →

Qfw7114 Firmware by Qualcomm

View all CVEs affecting Qfw7114 Firmware →

Qfw7124 Firmware by Qualcomm

View all CVEs affecting Qfw7124 Firmware →

Qts110 Firmware by Qualcomm

View all CVEs affecting Qts110 Firmware →

Robotics Rb2 Firmware by Qualcomm

View all CVEs affecting Robotics Rb2 Firmware →

Sd 675 Firmware by Qualcomm

View all CVEs affecting Sd 675 Firmware →

Sd 8 Gen1 5g Firmware by Qualcomm

View all CVEs affecting Sd 8 Gen1 5g Firmware →

Sd675 Firmware by Qualcomm

View all CVEs affecting Sd675 Firmware →

Sd730 Firmware by Qualcomm

View all CVEs affecting Sd730 Firmware →

Sd835 Firmware by Qualcomm

View all CVEs affecting Sd835 Firmware →

Sdm429w Firmware by Qualcomm

View all CVEs affecting Sdm429w Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sdx57m Firmware by Qualcomm

View all CVEs affecting Sdx57m Firmware →

Sdx61 Firmware by Qualcomm

View all CVEs affecting Sdx61 Firmware →

Sdx71m Firmware by Qualcomm

View all CVEs affecting Sdx71m Firmware →

Sdx80m Firmware by Qualcomm

View all CVEs affecting Sdx80m Firmware →

Sg4150p Firmware by Qualcomm

View all CVEs affecting Sg4150p Firmware →

Sm6650 Firmware by Qualcomm

View all CVEs affecting Sm6650 Firmware →

Sm7250p Firmware by Qualcomm

View all CVEs affecting Sm7250p Firmware →

Sm7635 Firmware by Qualcomm

View all CVEs affecting Sm7635 Firmware →

Sm7675 Firmware by Qualcomm

View all CVEs affecting Sm7675 Firmware →

Sm7675p Firmware by Qualcomm

View all CVEs affecting Sm7675p Firmware →

Sm8635 Firmware by Qualcomm

View all CVEs affecting Sm8635 Firmware →

Sm8635p Firmware by Qualcomm

View all CVEs affecting Sm8635p Firmware →

Sm8650q Firmware by Qualcomm

View all CVEs affecting Sm8650q Firmware →

Smart Audio 400 Firmware by Qualcomm

View all CVEs affecting Smart Audio 400 Firmware →

Snapdragon 210 Firmware by Qualcomm

View all CVEs affecting Snapdragon 210 Firmware →

Snapdragon 212 Firmware by Qualcomm

View all CVEs affecting Snapdragon 212 Firmware →

Snapdragon 4 Gen 1 Firmware by Qualcomm

View all CVEs affecting Snapdragon 4 Gen 1 Firmware →

Snapdragon 429 Firmware by Qualcomm

View all CVEs affecting Snapdragon 429 Firmware →

Snapdragon 439 Firmware by Qualcomm

View all CVEs affecting Snapdragon 439 Firmware →

Snapdragon 460 Firmware by Qualcomm

View all CVEs affecting Snapdragon 460 Firmware →

Snapdragon 480 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 480 5g Firmware →

Snapdragon 480 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 480 5g Firmware →

Snapdragon 662 Firmware by Qualcomm

View all CVEs affecting Snapdragon 662 Firmware →

Snapdragon 665 Firmware by Qualcomm

View all CVEs affecting Snapdragon 665 Firmware →

Snapdragon 675 Firmware by Qualcomm

View all CVEs affecting Snapdragon 675 Firmware →

Snapdragon 678 Firmware by Qualcomm

View all CVEs affecting Snapdragon 678 Firmware →

Snapdragon 680 4g Firmware by Qualcomm

View all CVEs affecting Snapdragon 680 4g Firmware →

Snapdragon 685 4g Firmware by Qualcomm

View all CVEs affecting Snapdragon 685 4g Firmware →

Snapdragon 690 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 690 5g Firmware →

Snapdragon 695 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 695 5g Firmware →

Snapdragon 730 Firmware by Qualcomm

View all CVEs affecting Snapdragon 730 Firmware →

Snapdragon 730g Firmware by Qualcomm

View all CVEs affecting Snapdragon 730g Firmware →

Snapdragon 732g Firmware by Qualcomm

View all CVEs affecting Snapdragon 732g Firmware →

Snapdragon 765 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 765 5g Firmware →

Snapdragon 765g 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 765g 5g Firmware →

Snapdragon 768g 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 768g 5g Firmware →

Snapdragon 8 Gen 1 Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 1 Firmware →

Snapdragon 8 Gen 3 Firmware by Qualcomm

View all CVEs affecting Snapdragon 8 Gen 3 Firmware →

Snapdragon 835 Mobile Pc Firmware by Qualcomm

View all CVEs affecting Snapdragon 835 Mobile Pc Firmware →

Snapdragon 865 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 865 5g Firmware →

Snapdragon 8657\+ 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 8657\+ 5g Firmware →

Snapdragon 870 5g Firmware by Qualcomm

View all CVEs affecting Snapdragon 870 5g Firmware →

Snapdragon Auto 4g Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 4g Firmware →

Snapdragon Auto 5g Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Rf Firmware →

Snapdragon Auto 5g Rf Gen 2 Firmware by Qualcomm

View all CVEs affecting Snapdragon Auto 5g Rf Gen 2 Firmware →

Snapdragon W5\+ Gen 1 Firmware by Qualcomm

View all CVEs affecting Snapdragon W5\+ Gen 1 Firmware →

Snapdragon Wear 1300 Firmware by Qualcomm

View all CVEs affecting Snapdragon Wear 1300 Firmware →

Snapdragon Wear 4100\+ Firmware by Qualcomm

View all CVEs affecting Snapdragon Wear 4100\+ Firmware →

Snapdragon X12 Lte Firmware by Qualcomm

View all CVEs affecting Snapdragon X12 Lte Firmware →

Snapdragon X35 5g Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X35 5g Rf Firmware →

Snapdragon X5 Lte Firmware by Qualcomm

View all CVEs affecting Snapdragon X5 Lte Firmware →

Snapdragon X55 5g Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X55 5g Rf Firmware →

Snapdragon X62 5g Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X62 5g Rf Firmware →

Snapdragon X65 5g Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X65 5g Rf Firmware →

Snapdragon X70 Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X70 Rf Firmware →

Snapdragon X72 5g Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X72 5g Rf Firmware →

Snapdragon X75 5g Rf Firmware by Qualcomm

View all CVEs affecting Snapdragon X75 5g Rf Firmware →

Sw5100 Firmware by Qualcomm

View all CVEs affecting Sw5100 Firmware →

Sw5100p Firmware by Qualcomm

View all CVEs affecting Sw5100p Firmware →

Video Collaboration Vc1 Platform Firmware by Qualcomm

View all CVEs affecting Video Collaboration Vc1 Platform Firmware →

Video Collaboration Vc3 Platform Firmware by Qualcomm

View all CVEs affecting Video Collaboration Vc3 Platform Firmware →

Wcd9306 Firmware by Qualcomm

View all CVEs affecting Wcd9306 Firmware →

Wcd9326 Firmware by Qualcomm

View all CVEs affecting Wcd9326 Firmware →

Wcd9330 Firmware by Qualcomm

View all CVEs affecting Wcd9330 Firmware →

Wcd9335 Firmware by Qualcomm

View all CVEs affecting Wcd9335 Firmware →

Wcd9340 Firmware by Qualcomm

View all CVEs affecting Wcd9340 Firmware →

Wcd9341 Firmware by Qualcomm

View all CVEs affecting Wcd9341 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9371 Firmware by Qualcomm

View all CVEs affecting Wcd9371 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9378 Firmware by Qualcomm

View all CVEs affecting Wcd9378 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcd9390 Firmware by Qualcomm

View all CVEs affecting Wcd9390 Firmware →

Wcd9395 Firmware by Qualcomm

View all CVEs affecting Wcd9395 Firmware →

Wcn3610 Firmware by Qualcomm

View all CVEs affecting Wcn3610 Firmware →

Wcn3615 Firmware by Qualcomm

View all CVEs affecting Wcn3615 Firmware →

Wcn3620 Firmware by Qualcomm

View all CVEs affecting Wcn3620 Firmware →

Wcn3660b Firmware by Qualcomm

View all CVEs affecting Wcn3660b Firmware →

Wcn3680 Firmware by Qualcomm

View all CVEs affecting Wcn3680 Firmware →

Wcn3680b Firmware by Qualcomm

View all CVEs affecting Wcn3680b Firmware →

Wcn3910 Firmware by Qualcomm

View all CVEs affecting Wcn3910 Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn3980 Firmware by Qualcomm

View all CVEs affecting Wcn3980 Firmware →

Wcn3988 Firmware by Qualcomm

View all CVEs affecting Wcn3988 Firmware →

Wcn3990 Firmware by Qualcomm

View all CVEs affecting Wcn3990 Firmware →

Wcn6450 Firmware by Qualcomm

View all CVEs affecting Wcn6450 Firmware →

Wcn6650 Firmware by Qualcomm

View all CVEs affecting Wcn6650 Firmware →

Wcn6755 Firmware by Qualcomm

View all CVEs affecting Wcn6755 Firmware →

Wcn7861 Firmware by Qualcomm

View all CVEs affecting Wcn7861 Firmware →

Wcn7881 Firmware by Qualcomm

View all CVEs affecting Wcn7881 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8832 Firmware by Qualcomm

View all CVEs affecting Wsa8832 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

Wsa8840 Firmware by Qualcomm

View all CVEs affecting Wsa8840 Firmware →

Wsa8845 Firmware by Qualcomm

View all CVEs affecting Wsa8845 Firmware →

Wsa8845h Firmware by Qualcomm

View all CVEs affecting Wsa8845h Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of user data including authentication credentials, personal information, and device identifiers leading to identity theft or further attacks

🟠

Likely Case

Unauthorized access to limited device information such as IMSI, location data, or device identifiers that could enable tracking or profiling

🟢

If Mitigated

No impact if proper authentication controls and network security measures are implemented

🌐 Internet-Facing: MEDIUM - While the vulnerability exists in mobile devices, exploitation typically requires proximity or network access

🏢 Internal Only: LOW - This primarily affects end-user devices rather than internal enterprise systems

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires specific knowledge of authentication protocol implementation and likely proximity to target device

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm March 2025 security bulletin for specific firmware versions

Vendor Advisory: https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html

Restart Required: Yes

Instructions:

1. Check device manufacturer for security updates 2. Apply Qualcomm firmware updates 3. Reboot device after update 4. Verify update through device settings

🔧 Temporary Workarounds

Network Security Controls

all

Implement network-level authentication and encryption controls

Device Isolation

all

Restrict device access to trusted networks only

🧯 If You Can't Patch

• Implement network segmentation to isolate vulnerable devices
• Deploy mobile device management (MDM) with strict security policies

🔍 How to Verify

Check if Vulnerable:

Copy

Check device firmware version against Qualcomm security bulletin; consult device manufacturer for specific vulnerability status

Check Version:

Copy

Device-specific: Settings > About Phone > Software Information (varies by manufacturer)

Verify Fix Applied:

Copy

Verify firmware version has been updated to patched version specified in Qualcomm advisory

📡 Detection & Monitoring

Log Indicators:

• Unusual authentication attempts in device logs
• Failed authentication events followed by successful access

Network Indicators:

• Suspicious authentication protocol traffic
• Unusual network connections from mobile devices

SIEM Query:

Copy

Authentication events from mobile devices with CWE-287 patterns

📊 Metadata

CVE ID: CVE-2024-38426

CVSS v3 Score: 5.4 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE: CWE-287

EPSS Score: 0.09% exploit probability (25th percentile)

Published: March 3, 2025

Last Updated: August 11, 2025

🔗 References

• https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-38426, you might also want to check these:

CVE-2024-27767 10.0

CVE-2024-27767 is an authentication bypass vulnerability that allows attackers to gain unauthorized ...

Same vulnerability type (CWE-287)

CVE-2026-24898 10.0

OpenEMR versions before 8.0.0 contain an unauthenticated token disclosure vulnerability in the MedEx...

Same vulnerability type (CWE-287)

CVE-2026-20127 10.0

This critical authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager al...

Same vulnerability type (CWE-287)