CVE-2020-25195

Published: Dec 15, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.

Vendor	Product	Versions
n/a	Host Engineering H0-ECOM100 Module	affected `Hardware Versions 6x and prior with Firmware Versions 4.0.348 and prior` affected `Hardware Version 7x with Firmware Versions 4.1.113 and prior` affected `Hardware Version 9x with Firmware Versions 5.0.149 and prior`
n/a	Host Engineering H2-ECOM100 Module	affected `Hardware Versions 5x and prior with Firmware Versions 4.0.2148 and prior` affected `Hardware Version 8x with Firmware Versions 5.0.1043 and prior`
n/a	Host Engineering H4-ECOM100 Module	affected `Firmware Versions 4.0.2148 and prior`

Weaknesses (CWE)

CWE-20

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-25195

Description

Affected Products

Weaknesses (CWE)

References