PT-2020-4935 · Qualcomm · Qca9980+6
Published: 2020-09-08 · Updated: 2022-04-28 · CVE-2020-11117
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Qualcomm products IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980
Description:
The issue arises from insufficient input validation in the lbd service, allowing an external user to issue a specially crafted debug command. This can result in the overwrite of arbitrary files with arbitrary content, leading to remote code execution.
Recommendations:
For Qualcomm products IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980, consider disabling the lbd service until a patch is available to prevent remote code execution. Restrict access to the debug command to minimize the risk of exploitation, and avoid using the debug command in the affected service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Command Injection
RCE
Related Identifiers
Affected Products
Ipq4019
Ipq6018
Ipq8064
Ipq8074
Qca4531
Qca9531
Qca9980