Broadcom firmware before summer 2014 on Nexus 5 BCM4335C0 2012-12-11, Raspberry Pi 3 BCM43438A1 2014-06-02, and unspecifed other devices does not properly restrict LMP commnds and executes certain memory contents upon receiving an LMP command, as demonstrated by executing an HCI command.
Conclusion & alert: CVE-2018-19860 is rated Moderate Risk (56.1/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.02%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.61% | 1.02% | +0.41% |
| 2 | 2025-11-21 | 0.47% | 0.61% | +0.14% |
| 3 | 2025-11-18 | — | 0.47% | — |
Full EPSS history (13 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.8 | 3.0 | HIGH |
|
2.8 | 5.9 | [email protected] |
| 5.8 | 2.0 | MEDIUM |
|
6.5 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| broadcom | bcm4335c0_firmware | 2012-12-11 | cpe:2.3:o:broadcom:bcm4335c0_firmware:2012-12-11:*:*:*:*:*:*:* |
| broadcom | bcm43438a1_firmware | 2014-06-02 | cpe:2.3:o:broadcom:bcm43438a1_firmware:2014-06-02:*:*:*:*:*:*:* |
| cypress | cyw20702a1kwfbg_firmware | — | cpe:2.3:o:cypress:cyw20702a1kwfbg_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20702a1kwfbgt_firmware | — | cpe:2.3:o:cypress:cyw20702a1kwfbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20702b0kwfbg_firmware | — | cpe:2.3:o:cypress:cyw20702b0kwfbg_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20702b0kwfbgt_firmware | — | cpe:2.3:o:cypress:cyw20702b0kwfbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20703ua1kffb1g_firmware | — | cpe:2.3:o:cypress:cyw20703ua1kffb1g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20703ua1kffb1gt_firmware | — | cpe:2.3:o:cypress:cyw20703ua1kffb1gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20704ua1kffb1g_firmware | — | cpe:2.3:o:cypress:cyw20704ua1kffb1g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20704ua1kffb1gt_firmware | — | cpe:2.3:o:cypress:cyw20704ua1kffb1gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20704ua2kffb1g_firmware | — | cpe:2.3:o:cypress:cyw20704ua2kffb1g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20704ua2kffb1gt_firmware | — | cpe:2.3:o:cypress:cyw20704ua2kffb1gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20705a1kwfbgt_firmware | — | cpe:2.3:o:cypress:cyw20705a1kwfbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20705b0kwfbg_firmware | — | cpe:2.3:o:cypress:cyw20705b0kwfbg_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20705b0kwfbgt_firmware | — | cpe:2.3:o:cypress:cyw20705b0kwfbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20706ua1kffb1g_firmware | — | cpe:2.3:o:cypress:cyw20706ua1kffb1g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20706ua1kffb1gt_firmware | — | cpe:2.3:o:cypress:cyw20706ua1kffb1gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20706ua1kffb4g_firmware | — | cpe:2.3:o:cypress:cyw20706ua1kffb4g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20706ua2kffb4g_firmware | — | cpe:2.3:o:cypress:cyw20706ua2kffb4g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20706ua2kffb4gt_firmware | — | cpe:2.3:o:cypress:cyw20706ua2kffb4gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20707a2kubgt_firmware | — | cpe:2.3:o:cypress:cyw20707a2kubgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20707ua1kffb1g_firmware | — | cpe:2.3:o:cypress:cyw20707ua1kffb1g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20707ua1kffb4g_firmware | — | cpe:2.3:o:cypress:cyw20707ua1kffb4g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20707ua1kffb4gt_firmware | — | cpe:2.3:o:cypress:cyw20707ua1kffb4gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20707ua2kffb4g_firmware | — | cpe:2.3:o:cypress:cyw20707ua2kffb4g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20707ua2kffb4gt_firmware | — | cpe:2.3:o:cypress:cyw20707ua2kffb4gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20707va1pkwbgt_firmware | — | cpe:2.3:o:cypress:cyw20707va1pkwbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20707va2pkwbgt_firmware | — | cpe:2.3:o:cypress:cyw20707va2pkwbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a1kfbg_firmware | — | cpe:2.3:o:cypress:cyw20730a1kfbg_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a1kfbgt_firmware | — | cpe:2.3:o:cypress:cyw20730a1kfbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a1kml2g_firmware | — | cpe:2.3:o:cypress:cyw20730a1kml2g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a1kml2gt_firmware | — | cpe:2.3:o:cypress:cyw20730a1kml2gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a1kmlg_firmware | — | cpe:2.3:o:cypress:cyw20730a1kmlg_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a1kmlgt_firmware | — | cpe:2.3:o:cypress:cyw20730a1kmlgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a2kfbg_firmware | — | cpe:2.3:o:cypress:cyw20730a2kfbg_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a2kfbgt_firmware | — | cpe:2.3:o:cypress:cyw20730a2kfbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a2kml2g_firmware | — | cpe:2.3:o:cypress:cyw20730a2kml2g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20730a2kml2gt_firmware | — | cpe:2.3:o:cypress:cyw20730a2kml2gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a1kfb1gt_firmware | — | cpe:2.3:o:cypress:cyw20733a1kfb1gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a2kfb1g_firmware | — | cpe:2.3:o:cypress:cyw20733a2kfb1g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a2kfb1gt_firmware | — | cpe:2.3:o:cypress:cyw20733a2kfb1gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a2kml1g_firmware | — | cpe:2.3:o:cypress:cyw20733a2kml1g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a2kml1gt_firmware | — | cpe:2.3:o:cypress:cyw20733a2kml1gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a3kfb1g_firmware | — | cpe:2.3:o:cypress:cyw20733a3kfb1g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a3kfb1gt_firmware | — | cpe:2.3:o:cypress:cyw20733a3kfb1gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a3kfb2gt_firmware | — | cpe:2.3:o:cypress:cyw20733a3kfb2gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a3kml1g_firmware | — | cpe:2.3:o:cypress:cyw20733a3kml1g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20733a3kml1gt_firmware | — | cpe:2.3:o:cypress:cyw20733a3kml1gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20734ua1kffb3g_firmware | — | cpe:2.3:o:cypress:cyw20734ua1kffb3g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20734ua1kffb3gt_firmware | — | cpe:2.3:o:cypress:cyw20734ua1kffb3gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20734ua2kffb3g_firmware | — | cpe:2.3:o:cypress:cyw20734ua2kffb3g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw20734ua2kffb3gt_firmware | — | cpe:2.3:o:cypress:cyw20734ua2kffb3gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw43438kubgt_firmware | — | cpe:2.3:o:cypress:cyw43438kubgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw4343w1kubgt_firmware | — | cpe:2.3:o:cypress:cyw4343w1kubgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw4343wkubgt_firmware | — | cpe:2.3:o:cypress:cyw4343wkubgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw4343wkwbgt_firmware | — | cpe:2.3:o:cypress:cyw4343wkwbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw4354kkwbgt_firmware | — | cpe:2.3:o:cypress:cyw4354kkwbgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw4354xkubgt_firmware | — | cpe:2.3:o:cypress:cyw4354xkubgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw89071a1cubxgt_firmware | — | cpe:2.3:o:cypress:cyw89071a1cubxgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw89072brfb5g_firmware | — | cpe:2.3:o:cypress:cyw89072brfb5g_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw89072brfb5gt_firmware | — | cpe:2.3:o:cypress:cyw89072brfb5gt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw89335l2cubgt_firmware | — | cpe:2.3:o:cypress:cyw89335l2cubgt_firmware:-:*:*:*:*:*:*:* |
| cypress | cyw89335lcubgt_firmware | — | cpe:2.3:o:cypress:cyw89335lcubgt_firmware:-:*:*:*:*:*:*:* |