Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2020-25195

🗓️ 15 Dec 2020 19:38:02Reported by icscertType 
cve
 cve🔗 web.nvd.nist.gov👁 54 Views

The input field length verification on Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules is only done on the client side, potentially enabling an attacker to bypass the check and crash the device

Related
Detection
Affected
Refs
ReporterTitlePublishedViews
Family
Circl		CVE-2020-25195
15 Dec 202022:40
circl
CNNVD		Host Engineering Ecom100 Module Input Validation Error Vulnerability
10 Dec 202000:00
cnnvd
Cvelist		CVE-2020-25195
15 Dec 202019:38
cvelist
EUVD		EUVD-2020-17886
7 Oct 202500:30
euvd
ICS		Host Engineering H2-ECOM100 Module
10 Dec 202000:00
ics
NVD		CVE-2020-25195
15 Dec 202020:15
nvd
OSV		CVE-2020-25195
15 Dec 202020:15
osv
Prion		Input validation
15 Dec 202020:15
prion
RedhatCVE		CVE-2020-25195
22 May 202515:22
redhatcve
NVD
Vulners
Node
hostengh0-ecom100_firmwareRange4.0.348
AND
hostengh0-ecom100Match6
Node
hostengh0-ecom100_firmwareRange4.1.113
AND
hostengh0-ecom100Match7
Node
hostengh0-ecom100_firmwareRange5.0.149
AND
hostengh0-ecom100Match9
Node
hostengh2-ecom100_firmwareRange4.0.2148
AND
hostengh2-ecom100Match5
Node
hostengh2-ecom100_firmwareRange5.0.1043
AND
hostengh2-ecom100Match8
Node
hostengh4-ecom100_firmwareRange4.0.2148
AND
hostengh4-ecom100Match-
[
  {
    "product": "Host Engineering H0-ECOM100 Module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Hardware Versions 6x and prior with Firmware Versions 4.0.348 and prior"
      },
      {
        "status": "affected",
        "version": "Hardware Version 7x with Firmware Versions 4.1.113 and prior"
      },
      {
        "status": "affected",
        "version": "Hardware Version 9x with Firmware Versions 5.0.149 and prior"
      }
    ]
  },
  {
    "product": "Host Engineering H2-ECOM100 Module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Hardware Versions 5x and prior with Firmware Versions 4.0.2148 and prior"
      },
      {
        "status": "affected",
        "version": "Hardware Version 8x with Firmware Versions 5.0.1043 and prior"
      }
    ]
  },
  {
    "product": "Host Engineering H4-ECOM100 Module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Firmware Versions 4.0.2148 and prior"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 05:17Current
7.5High risk
Vulners AI Score7.5
CVSS 3.17.5
CVSS 27.8
EPSS0.00229
CWE-20
cve-2020-25195host engineeringecom100input fieldlength verificationclient sideconfiguration web serversecurity vulnerabilitynvd
54