PT-2020-16246 · Qualcomm · Qcmap

Published: 2020-10-15 · Updated: 2020-10-26 · CVE-2020-25858

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Qualcomm QCMAP software suite versions prior to October 2020

Description

The issue concerns the QCMAP Web CLIENT binary in the Qualcomm QCMAP software suite. It does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker can invoke the web interface with a crafted URL, potentially crashing the process and causing denial of service. This version of QCMAP is used in various networking devices, including mobile hotspots and LTE routers.

Recommendations

For versions prior to October 2020, update to a version released in October 2020 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.
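The defect class described above (an unchecked strchr()/strstr() result in a tokenizer) is illustrated by the following added example, which is not Qualcomm's code. The `key=value&key=value` input format and the names `tokenize_query`, `struct kv` and `MAX_FIELD` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_FIELD 64   /* assumed per-field limit for this example */

struct kv {
    char key[MAX_FIELD];
    char val[MAX_FIELD];
};

/* Copy [src, src+len) into dst, rejecting fields that do not fit. */
static int copy_field(char *dst, const char *src, size_t len)
{
    if (len >= MAX_FIELD)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Split "k1=v1&k2=v2" into out[]. Returns the pair count, or -1 on
 * malformed input, so the caller can answer with an error instead of
 * the process crashing. */
int tokenize_query(const char *query, struct kv *out, size_t max)
{
    size_t n = 0;
    const char *p = query;

    if (query == NULL || out == NULL)
        return -1;
    while (*p != '\0') {
        const char *amp = strchr(p, '&');            /* NULL on last token */
        const char *end = amp ? amp : p + strlen(p);
        /* Unsafe pattern: taking strchr(p, '=') and dereferencing or
         * subtracting it without a NULL check. A token with no '='
         * yields NULL and the next access faults. */
        const char *eq = memchr(p, '=', (size_t)(end - p));

        if (eq == NULL || eq == p)    /* no '=' or empty key: reject */
            return -1;
        if (n == max)                 /* more pairs than the caller allows */
            return -1;
        if (copy_field(out[n].key, p, (size_t)(eq - p)) != 0 ||
            copy_field(out[n].val, eq + 1, (size_t)(end - eq - 1)) != 0)
            return -1;
        n++;
        p = amp ? amp + 1 : end;
    }
    return (int)n;
}
```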


NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

CVE-2020-25858

Affected Products

Qcmap