Denial of Service Vulnerability in Qualcomm QCMAP Software Suite
CVE-2020-25858

7.5HIGH

Key Information:

Vendor: Qualcomm
Status: Qualcomm Qcmap
Vendor: CVE Published:; 15 October 2020

Summary

A vulnerability in the QCMAP_Web_CLIENT binary of Qualcomm's QCMAP software suite allows attackers to cause a denial of service by sending specially crafted URLs to the web interface. This flaw arises from improper validation of return values from string search functions within the Tokenizer() function, which may lead to process crashes. Devices utilizing this version of QCMAP, commonly found in mobile hotspots and LTE routers, are significantly impacted.

Affected Version(s)

Qualcomm QCMAP Fixed in October 2020

References

http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2020
Vulnerability Reserved
Sep 23, 2020