Denial of Service Vulnerability in Qualcomm QCMAP Software Suite
CVE-2020-25858

7.5HIGH

Key Information:

Vendor
Qualcomm
Vendor
CVE Published:
15 October 2020

Summary

A vulnerability in the QCMAP_Web_CLIENT binary of Qualcomm's QCMAP software suite allows attackers to cause a denial of service by sending specially crafted URLs to the web interface. This flaw arises from improper validation of return values from string search functions within the Tokenizer() function, which may lead to process crashes. Devices utilizing this version of QCMAP, commonly found in mobile hotspots and LTE routers, are significantly impacted.

Affected Version(s)

Qualcomm QCMAP Fixed in October 2020

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.