Cyber Resilience

CVE-2024-33073

High

Published: 07 October 2024

Modified: 11 August 2025
KEV Added
Patch
CVSS Score v3.1: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
EPSS Score: 0.0012 (30.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-33073 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Wsa8845H Firmware. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Wi-Fi Discovery (T1016.002). The CVE is ranked at the 30.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1016.002 Wi-Fi Discovery (Tactic: Discovery)
Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.
Why these techniques?

The vulnerability enables information disclosure of the BSS parameter change count and MLD capabilities via a malformed ML IE in Wi-Fi management frames, facilitating Wi-Fi Discovery (T1016.002) by leaking wireless network configuration and multi-link capabilities.

Affected Assets

qualcomm wsa8845h firmware: all versions
qualcomm wsa8845 firmware: all versions
qualcomm wsa8840 firmware: all versions
qualcomm wsa8835 firmware: all versions
qualcomm wsa8832 firmware: all versions
qualcomm wsa8830 firmware: all versions
qualcomm wcd9395 firmware: all versions
qualcomm wcd9390 firmware: all versions
qualcomm wcd9385 firmware: all versions
qualcomm wcd9380 firmware: all versions
+149 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.