CVE-2025-49492
Analyzed Analyzed - Analysis Complete
BaseFortify

Publication date: 2025-07-01

Last updated on: 2025-12-22

Assigner: ASR Microelectronics Co., Ltd.

Description
Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun.  This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-01
Last Modified
2025-12-22
Generated
2026-05-07
AI Q&A
2025-07-01
EPSS Evaluated
2026-05-05
NVD
CVE-2025-49492
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
asrmicro falcon_linux to 1536 (exc)
asrmicro kestrel to 1536 (exc)
asrmicro lapwing_linux to 1536 (exc)
asrmicro asr1803 *
asrmicro asr1806 *
asrmicro asr1901 *
asrmicro asr1903 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an out-of-bounds write in the ASR180x component within lte-telephony, specifically in the program files apps/atcmd_server/src/dev_api.C. It may cause a buffer underrun, which means that the program writes data outside the allocated memory boundaries, potentially leading to unexpected behavior or crashes.


How can this vulnerability impact me? :

The vulnerability can impact you by causing a buffer underrun, which may lead to instability, crashes, or potentially allow an attacker to execute arbitrary code or disrupt service. Given the CVSS score of 7.4 with high impact on confidentiality, integrity, and availability, it poses a significant security risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart