CVE-2020-25858

7.5HIGH

Key Information:

Vendor: Qualcomm
Status: Qualcomm Qcmap
Vendor: CVE Published:; 15 October 2020

Summary

The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.

Affected Version(s)

Qualcomm QCMAP Fixed in October 2020

References

http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2020
Vulnerability Reserved
Sep 23, 2020