CVE-2018-20404

Name: CVE-2018-20404
Creator: NVD / NIST
Published: 2018-12-26T21:29:02.637+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.48%

Last modified Jun 17, 2026

CVE-2018-20404 is a vulnerability of currently unknown severity. ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD.. EPSS estimates a 1.48% chance of exploitation in the next 30 days.

Description

ETK_E900.sys, a SmartETK driver for VIA Technologies EPIA-E900 system board, is vulnerable to denial of service attack via IOCTL 0x9C402048, which calls memmove and constantly fails on an arbitrary (uncontrollable) address, resulting in an eternal hang or a BSoD.

Metrics

EPSS Probability

1.48%

70.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-20

Affected Software

Vendor	Product	Versions
Viatech	Epia-E900 Firmware	All versions

References

https://downwithup.github.io/CVEPosts.htmlExploit, Third Party Advisory
https://downwithup.github.io/CVEPosts.htmlExploit, Third Party Advisory

Timeline

Published: Dec 26, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-20404?

How severe is CVE-2018-20404?

Severity scoring for CVE-2018-20404 is pending analysis. The EPSS model estimates a 1.48% probability of exploitation in the next 30 days.

How do I fix CVE-2018-20404?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-20404?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST