CVE-2020-25859
CVE-2020-25859 concerns the QCMAP_CLI utility in Qualcomm QCMAP, where handling SetGatewayUrl() can invoke system() without input validation. This allows a local attacker with shell access to pass shell metacharacters and execute arbitrary commands. If QCMAP_CLI runs with sudo or setuid, privileg...