CVE-2020-25859
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-25859
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Qualcomm QCMAP 操作系统命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Qualcomm QCMAP是美国高通(Qualcomm)公司的基于Linux的移动电话的数据接入点。 高通 QCMAP CLI 2020年10月版本 存在安全漏洞,该漏洞源于使用system()调用,而不验证输入,同时处理SetGatewayUrl()请求。攻击者可利用该漏洞可以传递shell元字符并运行任意命令。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Qualcomm QCMAP | Fixed in October 2020 | - |
II. Public POCs for CVE-2020-25859
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-25859
请登录查看更多情报信息。
- http://vdoo.com/blog/qualcomm-qcmap-vulnerabilitiesx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2020-25859
Same Patch Batch · n/a · 2020-10-15 · 12 CVEs total
| CVE-2020-27156 | 9.8 CRITICAL | Veritas APTARE 安全漏洞 |
| CVE-2020-27157 | 8.1 HIGH | Veritas APTARE 安全漏洞 |
| CVE-2020-7744 | 4.7 MEDIUM | Information Exposure |
| CVE-2020-27153 | BlueZ 资源管理错误漏洞 | |
| CVE-2020-6107 | F2fs.Fsck 代码问题漏洞 | |
| CVE-2020-6108 | F2fs.Fsck 缓冲区错误漏洞 | |
| CVE-2020-6104 | F2fs.Fsck 缓冲区错误漏洞 | |
| CVE-2020-6105 | F2fs.Fsck 安全漏洞 | |
| CVE-2020-6106 | F2fs.Fsck 缓冲区错误漏洞 | |
| CVE-2020-21674 | libarchive 缓冲区错误漏洞 | |
| CVE-2020-25858 | Qualcomm QCMAP 代码问题漏洞 |
IV. Related Vulnerabilities
Same product: Qualcomm QCMAP
Same vendor: n/a
- CVE-2026-8747
Z-BlogPHP Commend Approval c_system_event.php CheckComment i - CVE-2026-8746
Open5GS NRF nghttp2-server.c discover_handler use after free - CVE-2026-8745
Open5GS AUSF nausf-handler.c ogs_timer_add denial of service - CVE-2026-8744
Open5GS NRF context.c ogs_sbi_nf_service_add denial of servi - CVE-2026-8743
Open5GS AMF/MME context.c ran_ue_find_by_amf_ue_ngap_id impr
Same weakness: CWE-78
- CVE-2026-8767
vercel ai PR Branch Name Interpolation prettier-on-automerge - CVE-2026-45036
Tabby auto-confirms ZMODEM detection on terminal output, lea - CVE-2026-45035
Tabby: RCE via `tabby://run` URL Scheme - CVE-2026-46483
Vim: Command injection in tar#Vimuntar via missing shellesca - CVE-2026-41553
Remote Code Execution in PDF Export Module
V. Comments for CVE-2020-25859
No comments yet