Hello,
can you tell me if there are already fixes for the problems found here:
https://asset-group.github.io/disclosures/5ghoul/
In my case I have a RM520N-GL, so special interest is for this module.
Currently I have:
RM520NGLAAR01A07M4G
PS: Are 4G modules also affected by these problems?
Many thanks!
Best regards,
Martin
What does this mean?
Summary: Is there already a firmware for RM520N-GL which fixes the problems found in 5Ghoul?
5Ghoul are a collection of security related problems.
I want to know if there is already a firmware update (at least for RM520N-GL) which fixes some or all of mentioned problems.
I assume the problems are not related to Quectels part, but already in base delivery of Qualcomm.
They mention a lot CVEs like:
CVE-2023-20702
CVE-2023-32841
CVE-2023-32842
CVE-2023-32843
CVE-2023-32844
CVE-2023-32845
CVE-2023-32846
CVE-2023-33042
CVE-2023-33043
CVE-2023-33044
I need the info to tell my customer if the security related issues could affect him,
or are already fixed when using a certain firmware version.
If a new firmware version is needed to fix the problems, I need to integrate this into our environment.
I am not able to retest and confirm that these security problems are fixed.
I can only trust what the manufacturer is saying.
If no info is available from Qualcomm (but I hope this is not the case),
perhaps the security researcher can retest a RM520N-GL with latest firmware?
These 3 seems to be Qualcomm related:
Dear @capiman
There is no mention of the Qualcomm X62 chipset(RG520N) being vulnerable to the 5G HOUL vulnerabilities.
This is great news, that RM520N-GL is not affected.
Being not affected then means no effort to change something.
Many thanks for your effort to clarify this!
I think we can then close this entry.