CVE-2020-25195
CVE-2020-25195
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.5%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
15 Dec 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.
Affected products
n/a · Host Engineering H0-ECOM100 Modulen/a · Host Engineering H2-ECOM100 Modulen/a · Host Engineering H4-ECOM100 ModuleWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →