A recent supply chain security assessment revealed significant vulnerabilities in Qualcomm’s QCMAP architecture, which is widely used in various networking devices such as mobile hotspots and LTE routers, potentially affecting millions of devices. The vulnerabilities include a stack-based buffer overflow, a NULL dereference, and command injections, which could allow attackers to gain remote root access. These issues were responsibly disclosed to Qualcomm, who had already developed patches in 2019, and were officially listed in the Android Security Bulletin in October 2020 with critical impact ratings. The assessment highlighted the importance of identifying vulnerabilities in closed-source components through automated security analysis, a process that was instrumental in discovering these issues. The JFrog security research team analyzed the firmware images using their automated tools, verifying the vulnerabilities before reporting them to Qualcomm. Mitigation strategies have been suggested for users unable to update or patch their devices, emphasizing the need for network security measures such as firewalls and restricted web access.