PT-2024-36457 · Quectel · Quectel Bc25
Published: 2024-12-19 · Updated: 2025-01-16 · CVE-2024-54982
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Quectel BC25 version BC25PAR01A06
Description
The issue allows attackers to bypass authentication via a crafted NAS message. Quectel disputes this because the issue is in the chipset supply chain and is not localized to one or more Quectel products.
Recommendations
For Quectel BC25 version BC25PAR01A06, consider disabling the use of crafted NAS messages until a patch is available. Restrict access to the authentication mechanism to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Quectel Bc25