{"containers":{"cna":{"affected":[{"product":"Qualcomm QCMAP","vendor":"n/a","versions":[{"status":"affected","version":"Fixed in October 2020"}]}],"descriptions":[{"lang":"en","value":"The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-476","description":"Remote authenticated null dereference (CWE-476)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-10-15T15:11:50.000Z","orgId":"6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24","shortName":"VDOO"},"references":[{"tags":["x_refsource_MISC"],"url":"http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"vuln@vdoo.com","ID":"CVE-2020-25858","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Qualcomm QCMAP","version":{"version_data":[{"version_value":"Fixed in October 2020"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Remote authenticated null dereference (CWE-476)"}]}]},"references":{"reference_data":[{"name":"http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities","refsource":"MISC","url":"http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T15:49:06.010Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities"}]}]},"cveMetadata":{"assignerOrgId":"6b4ace4a-d6e0-415b-9ce8-aa20e97e4b24","assignerShortName":"VDOO","cveId":"CVE-2020-25858","datePublished":"2020-10-15T15:11:50.000Z","dateReserved":"2020-09-23T00:00:00.000Z","dateUpdated":"2024-08-04T15:49:06.010Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}