diff --git a/doc/nrf/releases/release-notes-changelog.rst b/doc/nrf/releases/release-notes-changelog.rst
index 6147faebbee..085ff336b76 100644
--- a/doc/nrf/releases/release-notes-changelog.rst
+++ b/doc/nrf/releases/release-notes-changelog.rst
@@ -337,6 +337,10 @@ Modem libraries
 
   * Updated the library to allow a ``PDP_type``-only configuration in the :c:func:`pdn_ctx_configure` function.
 
+* :ref:`nrf_modem_lib_readme`:
+
+   * Updated the :c:func:`modem_key_mgmt_cmp` function to return ``1`` if the buffer length does not match the certificate length.
+
 Libraries for networking
 ------------------------
 
diff --git a/lib/modem_key_mgmt/modem_key_mgmt.c b/lib/modem_key_mgmt/modem_key_mgmt.c
index 49f5b351eec..b6f53cabc79 100644
--- a/lib/modem_key_mgmt/modem_key_mgmt.c
+++ b/lib/modem_key_mgmt/modem_key_mgmt.c
@@ -188,7 +188,7 @@ int modem_key_mgmt_cmp(nrf_sec_tag_t sec_tag,
 		       const void *buf, size_t len)
 {
 	int err;
-	char *p;
+	char *begin, *end;
 
 	if (buf == NULL) {
 		return -EINVAL;
@@ -199,16 +199,26 @@ int modem_key_mgmt_cmp(nrf_sec_tag_t sec_tag,
 		return err;
 	}
 
-	p = scratch_buf;
+	begin = scratch_buf;
 	for (size_t i = 0; i < 3; i++) {
-		p = strchr(p, '\"');
-		if (!p) {
+		begin = strchr(begin, '\"');
+		if (!begin) {
 			return -ENOENT;
 		}
-		p++;
+		begin++;
+	}
+
+	end = strchr(begin, '\"');
+	if (!end) {
+		return -ENOENT;
+	}
+
+	if (end - begin != len) {
+		LOG_DBG("Credential length mismatch");
+		return 1;
 	}
 
-	if (memcmp(p, buf, len)) {
+	if (memcmp(begin, buf, len)) {
 		LOG_DBG("Credential data mismatch");
 		return 1;
 	}