CVE-2020-25195
Last modified
CVE-2020-25195 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.. EPSS estimates a 1.45% chance of exploitation in the next 30 days.
Description
The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hosteng | H0-Ecom100 Firmware | <= 4.0.348 |
| Hosteng | H0-Ecom100 Firmware | <= 4.1.113 |
| Hosteng | H0-Ecom100 Firmware | <= 5.0.149 |
| Hosteng | H2-Ecom100 Firmware | <= 4.0.2148 |
| Hosteng | H2-Ecom100 Firmware | <= 5.0.1043 |
| Hosteng | H4-Ecom100 Firmware | <= 4.0.2148 |
References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02Third Party Advisory, US Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-25195?
How severe is CVE-2020-25195?
How do I fix CVE-2020-25195?
Are you affected by CVE-2020-25195?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST