CVE-2018-11922

CRITICAL
Published Nov 26, 2024 Modified Jan 9, 2025 CWE-16

Description

Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.

Is your site exposed to CVE-2018-11922?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-16 CWE-16

Affected Products

Vendor Product
qualcomm mdm9206_firmware
qualcomm mdm9206
qualcomm mdm9607_firmware
qualcomm mdm9607
qualcomm mdm9640_firmware
qualcomm mdm9640
qualcomm mdm9650_firmware
qualcomm mdm9650
qualcomm 215_firmware
qualcomm 215
qualcomm sd_210_firmware
qualcomm sd_210
qualcomm sd_212_firmware
qualcomm sd_212
qualcomm sd_205_firmware
qualcomm sd_205
qualcomm sd_425_firmware
qualcomm sd_425
qualcomm sd_427_firmware
qualcomm sd_427
qualcomm sd_430_firmware
qualcomm sd_430
qualcomm sd_435_firmware
qualcomm sd_435
qualcomm sd_439_firmware
qualcomm sd_439
qualcomm sd_429_firmware
qualcomm sd_429
qualcomm sd_450_firmware
qualcomm sd_450
qualcomm sd_625_firmware
qualcomm sd_625
qualcomm sd_632_firmware
qualcomm sd_632
qualcomm sd_845_firmware
qualcomm sd_845
qualcomm sd_850_firmware
qualcomm sd_850
qualcomm sda660_firmware
qualcomm sda660
qualcomm sdm439_firmware
qualcomm sdm439
qualcomm sdx20_firmware
qualcomm sdx20

References

Frequently Asked Questions

What is CVE-2018-11922? +
Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user. It has a CVSS v3.1 base score of 9.8 (CRITICAL).
How severe is CVE-2018-11922? +
CVE-2018-11922 has a CVSS v3.1 score of 9.8 out of 10, rated CRITICAL. This is a critical vulnerability that should be patched immediately.
What products are affected by CVE-2018-11922? +
CVE-2018-11922 affects products from qualcomm, specifically: 215, 215_firmware, mdm9206, mdm9206_firmware, mdm9607, mdm9607_firmware, mdm9640, mdm9640_firmware, mdm9650, mdm9650_firmware, sd_205, sd_205_firmware, sd_210, sd_210_firmware, sd_212, sd_212_firmware, sd_425, sd_425_firmware, sd_427, sd_427_firmware, sd_429, sd_429_firmware, sd_430, sd_430_firmware, sd_435, sd_435_firmware, sd_439, sd_439_firmware, sd_450, sd_450_firmware, sd_625, sd_625_firmware, sd_632, sd_632_firmware, sd_845, sd_845_firmware, sd_850, sd_850_firmware, sda660, sda660_firmware, sdm439, sdm439_firmware, sdx20, sdx20_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2018-11922? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2018-11922 — free, no signup required.