CVE-2020-3702

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions APQ8053 through SM7150 Qualcomm Snapdragon Compute versions APQ8053 through SM7150 Qualcomm Snapdragon Connectivity versions APQ8053 through SM7150 Qualcomm Snapdragon Consumer IOT versions APQ8053 through SM7150 Qualcomm Snapdragon Industrial IOT versions APQ8053 through SM7150 Qualcomm Snapdragon Mobile versions APQ8053 through SM7150 Qualcomm Snapdragon Voice & Music versions APQ8053 through SM7150 Qualcomm Snapdragon Wearables versions APQ8053 through SM7150 Qualcomm Snapdragon Wired Infrastructure and Networking versions APQ8053 through SM7150 MediaTek Wi-Fi chips (affected versions not specified)

Description The issue is related to improper layer 2 Wi-Fi encryption, allowing an attacker to intercept and decrypt Wi-Fi traffic protected by the WPA2 protocol. This can be achieved by sending specifically timed and handcrafted traffic to a WLAN device, causing internal errors. The vulnerability is similar to the Kr00k vulnerability and affects Qualcomm and MediaTek Wi-Fi chips.

Recommendations For Qualcomm Snapdragon Auto versions APQ8053 through SM7150, consider disabling the Wi-Fi functionality until a patch is available. For Qualcomm Snapdragon Compute versions APQ8053 through SM7150, restrict access to the WLAN device to minimize the risk of exploitation. For Qualcomm Snapdragon Connectivity versions APQ8053 through SM7150, avoid using the WPA2 protocol in the affected API endpoint until the issue is resolved. For Qualcomm Snapdragon Consumer IOT versions APQ8053 through SM7150, consider implementing additional security measures, such as encryption, to protect sensitive data. For Qualcomm Snapdragon Industrial IOT versions APQ8053 through SM7150, restrict access to the WLAN device and implement additional security measures to minimize the risk of exploitation. For Qualcomm Snapdragon Mobile versions APQ8053 through SM7150, consider disabling the Wi-Fi functionality until a patch is available. For Qualcomm Snapdragon Voice & Music versions APQ8053 through SM7150, restrict access to the WLAN device to minimize the risk of exploitation. For Qualcomm Snapdragon Wearables versions APQ8053 through SM7150, consider implementing additional security measures, such as encryption, to protect sensitive data. For Qualcomm Snapdragon Wired Infrastructure and Networking versions APQ8053 through SM7150, restrict access to the WLAN device and implement additional security measures to minimize the risk of exploitation. For MediaTek Wi-Fi chips, at the moment, there is no information about a newer version that contains a fix for this vulnerability.