VYPR

QCMAP

by Qualcomm

CVEs (2)

  • CVE-2020-25859Oct 15, 2020
    risk 0.00cvss epss 0.00

    The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary…

  • CVE-2020-25858Oct 15, 2020
    risk 0.00cvss epss 0.10

    The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the…