Unrated severityNVD Advisory· Published Oct 15, 2020· Updated Aug 4, 2024
CVE-2020-25858
CVE-2020-25858
Description
The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.
Affected products
2- Qualcomm/QCMAP software suitedescription
Patches
Vulnerability mechanics
References
1- vdoo.com/blog/qualcomm-qcmap-vulnerabilitiesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.