CVE-2020-11266
CVE-2020-11266 is a medium-severity vulnerability in Qualcomm Ar7420 Firmware with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- CVSS v2: 2.1
- EPSS exploit prediction: 0% (6th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Qualcomm Ar7420 Firmware
- Published:
- Last modified:
Description
Image address is dereferenced before validating its range which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking
Frequently asked questions
- What is CVE-2020-11266?
- Image address is dereferenced before validating its range which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking
- How severe is CVE-2020-11266?
- CVE-2020-11266 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over local access with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
- Is CVE-2020-11266 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (6th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2020-11266?
- CVE-2020-11266 primarily affects Qualcomm Ar7420 Firmware. In total, 26 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2020-11266?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2020-11266 published?
- CVE-2020-11266 was published on 2021-06-09 and last updated on 2026-06-17.
References
Affected products (26)
- cpe:2.3:o:qualcomm:ar7420_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ar9580_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq4018_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq4028_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:ipq4029_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca10901_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca7500_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca7520_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca7550_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca8075_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca9880_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca9886_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca9888_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca9889_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca9898_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca9992_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qca9994_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qcn3018_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qfe1922_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:qfe1952_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
More vulnerabilities in Qualcomm Ar7420 Firmware
- CVE-2021-1976 — Critical (CVSS 9.8): A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto,…
- CVE-2021-1972 — Critical (CVSS 9.8): Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon…
- CVE-2020-11301 — Critical (CVSS 9.1): Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information…
- CVE-2021-1924 — Critical (CVSS 9.0): Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto,…
- CVE-2020-11259 — High (CVSS 8.8): Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired…
- CVE-2020-11258 — High (CVSS 8.8): Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired…