Vulnerability Description
The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hosteng | H0-Ecom100 Firmware | <= 4.0.348 |
| Hosteng | H0-Ecom100 | 6 |
| Hosteng | H2-Ecom100 Firmware | <= 4.0.2148 |
| Hosteng | H2-Ecom100 | 5 |
| Hosteng | H4-Ecom100 Firmware | <= 4.0.2148 |
| Hosteng | H4-Ecom100 | - |
Related Weaknesses (CWE)
References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02Third Party AdvisoryUS Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-20-345-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-25195?
CVE-2020-25195 is a vulnerability with a CVSS score of 7.5 (HIGH). The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may...
How severe is CVE-2020-25195?
CVE-2020-25195 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25195?
Check the references section above for vendor advisories and patch information. Affected products include: Hosteng H0-Ecom100 Firmware, Hosteng H0-Ecom100, Hosteng H2-Ecom100 Firmware, Hosteng H2-Ecom100, Hosteng H4-Ecom100 Firmware.