CVSS Score v3.1: 7.2 (CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0002 (4.2th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2026-24085 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Qualcomm Qca6391 Firmware. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 4.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
Vulnerability details
Memory Corruption when processing display command line information due to improper initialization of a variable.
CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
T1068 Exploitation for Privilege Escalation · Tactic: Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques? Stack buffer overflow (CWE-121) directly enables local exploitation for privilege escalation via memory corruption during command-line processing.
Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1
CVEs Like This One
CVE-2026-24091 · Same product: Qualcomm 5G Fixed Wireless Access Platform
CVE-2026-21385 · Same product: Qualcomm 5G Fixed Wireless Access Platform
CVE-2025-47379 · Same product: Qualcomm 5G Fixed Wireless Access Platform
Affected Assets
qualcomm · qca6391 firmware · all versions
qualcomm · qca6564au firmware · all versions
qualcomm · qca6574 firmware · all versions
qualcomm · qca6574a firmware · all versions
qualcomm · qca6574au firmware · all versions
qualcomm · qca6584au firmware · all versions
qualcomm · qca6595 firmware · all versions
qualcomm · qca6595au firmware · all versions
qualcomm · qca6678aq firmware · all versions
qualcomm · qca6688aq firmware · all versions
+263 more product configuration(s) — see NVD for full list
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.