Description
Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
Published: 2026-06-01
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to gain unauthorized access to device configuration when the device is reset to factory defaults via the powerline interface. This information disclosure could reveal sensitive settings that might be used to compromise system integrity or facilitate further attacks. The weakness is classified as CWE‑1230, highlighting improper handling of configuration data during reset procedures.

Affected Systems

Qualcomm, Inc. Snapdragon powerline communication firmware. The entry does not specify version ranges, so all firmware builds that support factory reset over powerline may be affected until a patch is applied.

Risk and Exploitability

The CVSS score of 6.5 points to moderate risk. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog, indicating no publicly known exploitation yet. The likely attack vector involves an attacker with access to the powerline network or physical access to the device, potentially leveraging the reset capability to exfiltrate configuration data. Prompt remediation is advised as the disclosure could enable further compromise.

Generated by OpenCVE AI on June 1, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Qualcomm’s latest firmware update for Snapdragon devices that addresses the information disclosure during factory reset.
  • Restrict or disable the powerline reset functionality if it is not essential to device operation.
  • Implement network segmentation or firewall rules to isolate the powerline network and monitor for unauthorized reset attempts.

Generated by OpenCVE AI on June 1, 2026 at 23:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm qca7005
Qualcomm qca7005 Firmware
Qualcomm snapdragon Ar1 Gen 1 Platform
Qualcomm snapdragon Ar1 Gen 1 Platform Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wsa8830
Qualcomm wsa8830 Firmware
Qualcomm wsa8832
Qualcomm wsa8832 Firmware
Qualcomm wsa8835
Qualcomm wsa8835 Firmware
CPEs cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca7005:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca7005_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
Vendors & Products Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm qca7005
Qualcomm qca7005 Firmware
Qualcomm snapdragon Ar1 Gen 1 Platform
Qualcomm snapdragon Ar1 Gen 1 Platform Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wsa8830
Qualcomm wsa8830 Firmware
Qualcomm wsa8832
Qualcomm wsa8832 Firmware
Qualcomm wsa8835
Qualcomm wsa8835 Firmware

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
Title Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware
Weaknesses CWE-1230
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Qualcomm Fastconnect 7800 Fastconnect 7800 Firmware Qca7005 Qca7005 Firmware Snapdragon Snapdragon Ar1 Gen 1 Platform Snapdragon Ar1 Gen 1 Platform Firmware Wcd9380 Wcd9380 Firmware Wcd9385 Wcd9385 Firmware Wsa8830 Wsa8830 Firmware Wsa8832 Wsa8832 Firmware Wsa8835 Wsa8835 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-06-01T23:48:28.597Z

Reserved: 2025-09-18T03:19:23.201Z

Link: CVE-2025-59601

cve-icon Vulnrichment

Updated: 2026-06-01T23:48:25.521Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T23:16:15.477

Modified: 2026-06-02T18:00:59.050

Link: CVE-2025-59601

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T00:00:13Z

Weaknesses
  • CWE-1230

    Exposure of Sensitive Information Through Metadata