📄 Description (English)
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
🤖 AI Executive Summary
CVE-2026-21367 is a transient denial-of-service vulnerability affecting multiple Qualcomm WiFi chipsets through malformed FILS Discovery Frames with out-of-range action sizes. The vulnerability causes temporary service disruption during initial network scans, impacting wireless connectivity across enterprise and consumer devices. With no patch currently available and widespread Qualcomm chipset deployment in Saudi infrastructure, organizations face immediate risk of network instability.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 29, 2026 22:49
🇸🇦 Saudi Arabia Impact Assessment
Saudi telecommunications sector (STC, Mobily, Zain) faces significant risk as FILS Discovery Frame processing affects WiFi connectivity in mobile devices and enterprise networks. Banking sector (SAMA-regulated institutions) may experience service disruptions in branch networks and customer-facing WiFi systems. Government agencies and critical infrastructure operators using Qualcomm FastConnect chipsets (6200/6700/6900/7800 series) in network equipment face potential operational disruptions. Healthcare facilities dependent on WiFi-enabled medical devices and IoT systems are at risk. Energy sector (ARAMCO) operations utilizing wireless connectivity in industrial environments could experience temporary network outages.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain)
Banking and Financial Services
Government and Public Administration
Healthcare
Energy and Utilities (ARAMCO)
Critical Infrastructure
Enterprise Networks
IoT and Smart Devices
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
6.8
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Inventory all devices using affected Qualcomm chipsets (FastConnect 6200/6700/6900/7800, AR8035, Cologne, CSR8811, FWA Gen 3 Ultra, G2 Gen 1, Immersive Home 214)
2. Monitor network logs for FILS Discovery Frame anomalies and unexpected WiFi disconnections
3. Implement network segmentation to isolate critical systems from potentially affected WiFi networks
Compensating Controls:
4. Disable FILS (Fast Initial Link Setup) on WiFi access points if not operationally required
5. Configure WiFi access points to filter or validate FILS Discovery Frames at the AP level
6. Implement rate limiting on WiFi probe requests and discovery frame processing
7. Deploy intrusion detection signatures to identify malformed FILS frames with out-of-range action sizes
8. Establish WiFi network monitoring to detect and alert on transient disconnection patterns
Detection Rules:
- Monitor for repeated WiFi disconnections during initial network scans
- Alert on FILS Discovery Frames with action field values exceeding standard ranges (>255)
- Track device reconnection attempts following brief connectivity loss
- Correlate WiFi chipset models with service disruption incidents
Patching Strategy:
9. Subscribe to Qualcomm security advisories for firmware updates
10. Establish firmware update procedures for affected devices once patches become available
11. Prioritize patching for devices in critical infrastructure and high-availability environments
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. حصر جميع الأجهزة التي تستخدم شرائح Qualcomm المتأثرة (FastConnect 6200/6700/6900/7800، AR8035، Cologne، CSR8811، FWA Gen 3 Ultra، G2 Gen 1، Immersive Home 214)
2. مراقبة سجلات الشبكة للكشف عن شذوذ إطارات FILS Discovery وقطع الاتصال اللاسلكي غير المتوقعة
3. تنفيذ تقسيم الشبكة لعزل الأنظمة الحرجة عن شبكات WiFi المتأثرة المحتملة
الضوابط التعويضية:
4. تعطيل FILS (إعداد الارتباط الأولي السريع) على نقاط الوصول اللاسلكية إذا لم تكن مطلوبة تشغيلياً
5. تكوين نقاط الوصول اللاسلكية لتصفية أو التحقق من صحة إطارات FILS Discovery على مستوى AP
6. تنفيذ تحديد معدل على طلبات WiFi Probe ومعالجة إطارات الاكتشاف
7. نشر توقيعات كشف التسلل للتعرف على إطارات FILS المشوهة ذات قيم الإجراءات خارج النطاق
8. إنشاء مراقبة شبكة WiFi للكشف والتنبيه عن أنماط قطع الاتصال المؤقتة
قواعد الكشف:
- مراقبة قطع الاتصال اللاسلكي المتكرر أثناء عمليات المسح الأولية للشبكة
- التنبيه على إطارات FILS Discovery ذات قيم حقل الإجراء التي تتجاوز النطاقات القياسية (>255)
- تتبع محاولات إعادة الاتصال بالجهاز بعد فقدان الاتصال المختصر
- ربط نماذج شرائح WiFi مع حوادث انقطاع الخدمة
استراتيجية التصحيح:
9. الاشتراك في تنبيهات أمان Qualcomm لتحديثات البرامج الثابتة
10. إنشاء إجراءات تحديث البرامج الثابتة للأجهزة المتأثرة بمجرد توفر التصحيحات
11. إعطاء الأولوية لتصحيح الأجهزة في البنية التحتية الحرجة وبيئات التوفر العالي
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.8.1 - Asset Management and Inventory Control (affected chipset tracking)
ECC 2024 A.12.6 - Management of Technical Vulnerabilities (vulnerability assessment and remediation)
ECC 2024 A.13.1 - Network Security (WiFi network protection and monitoring)
🔵 SAMA CSF
SAMA CSF ID.BE-1 - Business Environment (operational resilience of wireless networks)
SAMA CSF PR.DS-1 - Data Security Baseline (protection of wireless communications)
SAMA CSF DE.CM-1 - Detection and Analysis (monitoring for WiFi anomalies)
🟡 ISO 27001:2022
ISO 27001:2022 A.5.19 - Inventory of Information and Other Assets
ISO 27001:2022 A.8.1 - Screening (vulnerability management)
ISO 27001:2022 A.8.6 - Management of Technical Vulnerabilities
ISO 27001:2022 A.13.1 - Network Security
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches for system components (if payment systems use affected WiFi)
PCI DSS 11.2 - Vulnerability scanning and assessment
📦 Affected Products / CPE 50 entries
qualcomm:ar8035_firmware:-
qualcomm:cologne_firmware:-
qualcomm:csr8811_firmware:-
qualcomm:fastconnect_6200_firmware:-
qualcomm:fastconnect_6700_firmware:-
qualcomm:fastconnect_6900_firmware:-
qualcomm:fastconnect_7800_firmware:-
qualcomm:fwa_gen_3_ultra_firmware:-
qualcomm:g2_gen_1_firmware:-
qualcomm:immersive_home_214_platform_firmware:-
qualcomm:immersive_home_216_platform_firmware:-
qualcomm:immersive_home_316_platform_firmware:-
qualcomm:immersive_home_318_platform_firmware:-
qualcomm:ipq5010_firmware:-
qualcomm:ipq5028_firmware:-
qualcomm:ipq6000_firmware:-
qualcomm:ipq6010_firmware:-
qualcomm:ipq6018_firmware:-
qualcomm:ipq8076_firmware:-
qualcomm:ipq8078_firmware:-
qualcomm:ipq9574_firmware:-
qualcomm:milos_firmware:-
qualcomm:netrani_firmware:-
qualcomm:networking_pro_1200_platform_firmware:-
qualcomm:networking_pro_1210_platform_firmware:-
qualcomm:networking_pro_1610_platform_firmware:-
qualcomm:networking_pro_400_platform_firmware:-
qualcomm:networking_pro_600_platform_firmware:-
qualcomm:networking_pro_610_platform_firmware:-
qualcomm:networking_pro_800_platform_firmware:-
qualcomm:networking_pro_810_platform_firmware:-
qualcomm:orne_firmware:-
qualcomm:palawan25_firmware:-
qualcomm:pandeiro_firmware:-
qualcomm:qca4024_firmware:-
qualcomm:qca6391_firmware:-
qualcomm:qca6698au_firmware:-
qualcomm:qca6777aq_firmware:-
qualcomm:qca6787aq_firmware:-
qualcomm:qca6797aq_firmware:-
qualcomm:qca8075_firmware:-
qualcomm:qca8081_firmware:-
qualcomm:qca8082_firmware:-
qualcomm:qca8084_firmware:-
qualcomm:qca8085_firmware:-
qualcomm:qca8337_firmware:-
qualcomm:qca8386_firmware:-
qualcomm:qca9888_firmware:-
qualcomm:qca9889_firmware:-
qualcomm:qcc2073_firmware:-