CVE-2020-11117
Description
u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The lbd service in Qualcomm chipsets allows unauthenticated attackers to overwrite arbitrary files via a debug command, leading to remote code execution.
Vulnerability
The Qualcomm Load Balancing Daemon (lbd) service, present in affected Snapdragon and Qualcomm networking chips (IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980) and as used in Synology SRM 1.2.3, exposes debug functionality on ports 7786 and 7787 without authentication [1]. The redirect debug command allows writing debug output to an arbitrary file path, enabling an attacker to overwrite any file on the system with attacker-controlled content [1].
Exploitation
An attacker with network access to the LAN can connect to the lbd service on port 7786 or 7787 and issue the redirect command with a target path, such as a system executable or script [1]. By crafting the debug output to contain executable code, the attacker can write arbitrary content to that file. No authentication or user interaction is required [1].
Impact
Successful exploitation allows the attacker to overwrite arbitrary files with arbitrary content, leading to remote code execution with the privileges of the lbd service (typically root) [1]. This compromises confidentiality, integrity, and availability of the affected device.
Mitigation
The available reference does not provide specific mitigation details or a patched version [1]. Users should consult Qualcomm and Synology for security updates. As a workaround, blocking network access to ports 7786 and 7787 on affected devices may reduce exposure.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Qualcomm, Inc./Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networkingv5Range: IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA4531, QCA9531, QCA9980
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.qualcomm.com/company/product-security/bulletins/august-2020-bulletinmitrex_refsource_CONFIRM
- www.talosintelligence.com/vulnerability_reports/TALOS-2020-1065mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.