CVE-2020-3702
First published: Tue Sep 08 2020(Updated: )
Last updated 18 February 2025
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| qualcomm apq8053-ac firmware | ||
| Qualcomm APQ8053 Firmware | ||
| All of | ||
| Qualcomm IPQ4019 | ||
| Qualcomm IPQ4019 Firmware | ||
| All of | ||
| Qualcomm IPQ8064 Firmware | ||
| Qualcomm IPQ8064 Firmware | ||
| All of | ||
| Qualcomm MSM8909W | ||
| Qualcomm Snapdragon 8909 | ||
| All of | ||
| qualcomm MSM8996AU firmware | ||
| Qualcomm MSM8996AU Firmware | ||
| All of | ||
| Qualcomm QCA9531 | ||
| Qualcomm QCA9531 | ||
| All of | ||
| Qualcomm QCN5502 Firmware | ||
| Qualcomm QCN5502 Firmware | ||
| All of | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| All of | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX20 Firmware | ||
| All of | ||
| qualcomm SM6150P firmware | ||
| Qualcomm SM6150P | ||
| All of | ||
| qualcomm SM7150 firmware | ||
| qualcomm SM7150 firmware | ||
| Debian | =10.0 | |
| All of | ||
| Arista Wireless Access Points | <=8.8.3-12 | |
| Any of | ||
| Arista AV2 | ||
| Arista C-75 Firmware | ||
| Arista C75-E | ||
| Arista O90E | ||
| Arista O-90 | ||
| Arista W-68 | ||
| Debian | =9.0 | |
| qualcomm apq8053-ac firmware | ||
| Qualcomm APQ8053 Firmware | ||
| Qualcomm IPQ4019 | ||
| Qualcomm IPQ4019 Firmware | ||
| Qualcomm IPQ8064 Firmware | ||
| Qualcomm IPQ8064 Firmware | ||
| Qualcomm MSM8909W | ||
| Qualcomm Snapdragon 8909 | ||
| qualcomm MSM8996AU firmware | ||
| Qualcomm MSM8996AU Firmware | ||
| Qualcomm QCA9531 | ||
| Qualcomm QCA9531 | ||
| Qualcomm QCN5502 Firmware | ||
| Qualcomm QCN5502 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX20 Firmware | ||
| qualcomm SM6150P firmware | ||
| Qualcomm SM6150P | ||
| qualcomm SM7150 firmware | ||
| qualcomm SM7150 firmware | ||
| Arista Wireless Access Points | <=8.8.3-12 | |
| Arista AV2 | ||
| Arista C-75 Firmware | ||
| Arista C75-E | ||
| Arista O90E | ||
| Arista O-90 | ||
| Arista W-68 | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
- https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58
- https://www.debian.org/security/2021/dsa-4978
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://launchpad.net/bugs/cve/CVE-2020-3702
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3702
- https://nvd.nist.gov/vuln/detail/CVE-2020-3702
- https://security-tracker.debian.org/tracker/CVE-2020-3702
- https://ubuntu.com/security/CVE-2020-3702
- https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/
- https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#mf8b430d4f19f1b939a29b6c5098fdc514fd1a928
Frequently Asked Questions
What is the severity of CVE-2020-3702?
CVE-2020-3702 has been classified with a significant severity level due to its potential to lead to information disclosure.
How do I fix CVE-2020-3702?
To resolve CVE-2020-3702, update to a patched version of the affected firmware or software, as listed in the security advisories.
Which devices are affected by CVE-2020-3702?
CVE-2020-3702 affects various Qualcomm chipsets including APQ8053, IPQ4019, IPQ8064, and several others, as well as Arista Wireless Access Points.
What type of vulnerability is CVE-2020-3702?
CVE-2020-3702 is a network vulnerability that can cause internal errors in WLAN devices stemming from crafted network traffic.
Can CVE-2020-3702 enable unauthorized access to data?
Yes, CVE-2020-3702 can potentially lead to unauthorized information disclosure over the air due to improper layer 2 encryption.
- agent/type
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/first-publish-date
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- collector/usn-cve
- source/Ubuntu
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/debian
- vendor/qualcomm
- canonical/qualcomm apq8053-ac firmware
- canonical/qualcomm apq8053 firmware
- canonical/qualcomm ipq4019
- canonical/qualcomm ipq4019 firmware
- canonical/qualcomm ipq8064 firmware
- canonical/qualcomm msm8909w
- canonical/qualcomm snapdragon 8909
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm qca9531
- canonical/qualcomm qcn5502 firmware
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm sdx20 firmware
- canonical/qualcomm sm6150p firmware
- canonical/qualcomm sm6150p
- canonical/qualcomm sm7150 firmware
- vendor/debian
- canonical/debian
- version/debian/10.0
- vendor/arista
- canonical/arista wireless access points
- version/arista wireless access points/8.8.3-12
- canonical/arista av2
- canonical/arista c-75 firmware
- canonical/arista c75-e
- canonical/arista o90e
- canonical/arista o-90
- canonical/arista w-68
- version/debian/9.0