Denial of Service Vulnerability in Qualcomm QCMAP Software Suite
CVE-2020-25858
7.5HIGH
Summary
A vulnerability in the QCMAP_Web_CLIENT binary of Qualcomm's QCMAP software suite allows attackers to cause a denial of service by sending specially crafted URLs to the web interface. This flaw arises from improper validation of return values from string search functions within the Tokenizer() function, which may lead to process crashes. Devices utilizing this version of QCMAP, commonly found in mobile hotspots and LTE routers, are significantly impacted.
Affected Version(s)
Qualcomm QCMAP Fixed in October 2020
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved