CVE-2018-25237
Buffer Overflow in Hirschmann HiSecOS HTTPS Login Enables RCE
Publication date: 2026-04-03
Last updated on: 2026-04-03
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hirschmann | hisecos | all versions before 05.3.03 (05.3.03 itself not affected) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Hirschmann HiSecOS versions before 05.3.03. It is a classic buffer overflow (CWE-120) in the HTTPS login interface, reachable only when RADIUS authentication is enabled. The login handler copies the submitted password into a fixed-size buffer without first checking the password's length against that buffer, so a password longer than 128 characters overruns it and overwrites whatever memory follows.
Because the overflow is triggered by the login request itself, any remote attacker who can reach the HTTPS login page can use it to crash the device or, with a crafted payload, execute arbitrary code on it.
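The copy pattern described above, as an added example that is not HiSecOS firmware code: a login handler in the vulnerable shape (copy length taken from the request, never from the buffer) beside a hardened handler that rejects any password longer than 128 characters before it writes anything. The struct layout, the `guard` field standing in for whatever follows the buffer in memory, the minimal `form_field` parser, and the demo-only clamp that keeps the overrun inside the struct are all assumptions made for illustration.

```c
/*
 * Added example, not HiSecOS code: the CWE-120 shape from the advisory
 * (password copied into a fixed 128-character buffer, copy length taken
 * from the request) beside a hardened handler that checks the length
 * against the buffer first. Struct layout, `guard`, the form parser and
 * the clamp in login_copy_unchecked() are assumptions for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PASSWORD_MAX 128          /* longest password the buffer is meant to hold */
#define GUARD_INIT   0x5A5A5A5Au  /* sentinel so the overrun is visible */

struct login_ctx {
    char     password[PASSWORD_MAX + 1];  /* 128 characters plus NUL */
    uint32_t guard;                       /* stands in for memory after the buffer */
};

/* Find "name=" in an x-www-form-urlencoded body (no percent-decoding, an
 * assumption). Returns a pointer to the value and its length, or NULL. */
static const char *form_field(const char *body, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = body;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            const char *e = strchr(v, '&');
            *len = e ? (size_t)(e - v) : strlen(v);
            return v;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    *len = 0;
    return NULL;
}

/* Vulnerable pattern: the byte count comes from the attacker's request, not
 * from sizeof(password). On the device the write runs past the buffer; here
 * it is clamped to the struct so the demo stays defined behaviour, which is
 * enough to show `guard` being overwritten. Returns bytes written. */
size_t login_copy_unchecked(struct login_ctx *ctx, const char *body)
{
    size_t len;
    const char *pw = form_field(body, "password", &len);
    if (!pw) return 0;
    unsigned char *dst = (unsigned char *)ctx + offsetof(struct login_ctx, password);
    size_t room = sizeof *ctx - offsetof(struct login_ctx, password);
    size_t n = len < room ? len : room;   /* demo-only clamp, not a real fix */
    memcpy(dst, pw, n);
    if (n < room) dst[n] = '\0';
    return n;
}

/* Hardened pattern: reject anything longer than the buffer before copying.
 * Returns 0 on success, -1 if the field is missing or too long. */
int login_copy_checked(struct login_ctx *ctx, const char *body)
{
    size_t len;
    const char *pw = form_field(body, "password", &len);
    if (!pw || len > PASSWORD_MAX)
        return -1;                        /* nothing has been written yet */
    memcpy(ctx->password, pw, len);
    ctx->password[len] = '\0';
    return 0;
}

/* Constructed test input: "user=admin&password=" followed by n 'A's. */
static void make_body(char *out, size_t outsz, size_t n)
{
    const char prefix[] = "user=admin&password=";
    size_t used = sizeof prefix - 1;
    if (n > outsz - used - 1) n = outsz - used - 1;
    memcpy(out, prefix, used);
    memset(out + used, 'A', n);
    out[used + n] = '\0';
}

/* Run one handler on an n-character password on a fresh context; returns the
 * handler's return value and leaves the resulting guard value in *guard. */
static long run_handler(int hardened, size_t n, uint32_t *guard)
{
    char body[512];
    struct login_ctx ctx;
    memset(&ctx, 0, sizeof ctx);
    ctx.guard = GUARD_INIT;
    make_body(body, sizeof body, n);
    long rc = hardened ? (long)login_copy_checked(&ctx, body)
                       : (long)login_copy_unchecked(&ctx, body);
    *guard = ctx.guard;
    return rc;
}

uint32_t guard_after(int hardened, size_t n) { uint32_t g; run_handler(hardened, n, &g); return g; }
int checked_rc(size_t n) { uint32_t g; return (int)run_handler(1, n, &g); }

int main(void)
{
    printf("unchecked, 16 chars : guard=0x%08x\n", (unsigned)guard_after(0, 16));
    printf("unchecked, 140 chars: guard=0x%08x\n", (unsigned)guard_after(0, 140));
    printf("checked,   128 chars: rc=%d\n", checked_rc(128));
    printf("checked,   140 chars: rc=%d guard=0x%08x\n",
           checked_rc(140), (unsigned)guard_after(1, 140));
    return 0;
}
```

With a 140-character password the unchecked copy turns `guard` into 0x41414141, the four bytes of `A` that spilled past the 129-byte buffer; on a real device the spill continues into adjacent stack or heap data, which is what yields the crash or the attacker-controlled control flow the advisory describes. The checked handler returns -1 for the same input and leaves `guard` at its sentinel, because the length test happens before the first byte is written and is measured against the buffer size rather than anything supplied in the request.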
How can this vulnerability impact me?
At minimum, exploitation causes a denial of service: the device crashes and is unavailable until it restarts, which on an industrial network device can also interrupt the traffic it carries.
More seriously, a crafted overflow can lead to remote execution of arbitrary code, giving the attacker control of the device. The vulnerable path is only reachable when RADIUS authentication is enabled; the fix is to update to HiSecOS 05.3.03 or later, and until then restricting which networks can reach the HTTPS management interface reduces exposure.