Description
Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
Published: 2026-06-01
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to gain unauthorized access to device configuration when the device is reset to factory defaults via the powerline interface. This information disclosure could reveal sensitive settings that might be used to compromise system integrity or facilitate further attacks. The weakness is classified as CWE‑1230, highlighting improper handling of configuration data during reset procedures.

Affected Systems

Qualcomm, Inc. Snapdragon powerline communication firmware. The entry does not specify version ranges, so all firmware builds that support factory reset over powerline may be affected until a patch is applied.

Risk and Exploitability

The CVSS score of 6.5 points to moderate risk. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog, indicating no publicly known exploitation yet. The likely attack vector involves an attacker with access to the powerline network or physical access to the device, potentially leveraging the reset capability to exfiltrate configuration data. Prompt remediation is advised as the disclosure could enable further compromise.

Generated by OpenCVE AI on June 1, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply Qualcomm’s latest firmware update for Snapdragon devices that addresses the information disclosure during factory reset.
  • Restrict or disable the powerline reset functionality if it is not essential to device operation.
  • Implement network segmentation or firewall rules to isolate the powerline network and monitor for unauthorized reset attempts.

Generated by OpenCVE AI on June 1, 2026 at 23:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 02 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
Title Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware
Weaknesses CWE-1230
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-06-01T23:48:28.597Z

Reserved: 2025-09-18T03:19:23.201Z

Link: CVE-2025-59601

cve-icon Vulnrichment

Updated: 2026-06-01T23:48:25.521Z

cve-icon NVD

Status : Received

Published: 2026-06-01T23:16:15.477

Modified: 2026-06-01T23:16:15.477

Link: CVE-2025-59601

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T00:00:13Z

Weaknesses