CyberSec.Space Logo
Back to CVE Browser

CVE-2018-25237

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0470%
EPSS Percentile27.71th
PublishedApr 3, 2026
Last ModifiedApr 7, 2026

Vulnerability Description

Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers can exploit improper bounds checking in password handling to overflow a fixed-size buffer and achieve denial of service or remote code execution.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://assets.belden.com/m/2d5657b3e5d721c6/original/Security-Bulletin-RADIUS-Authentication-BSECV-2018-04.pdf
🔗 https://www.vulncheck.com/advisories/hirschmann-hisecos-buffer-overflow-via-https-login

Related Vulnerabilities

CVE-2018-487210.0

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006...

CVE-2018-100012410.0

I Librarian I-librarian version 4.8 and earlier contains a XML External Entity (XXE) vulnerability in line 154 of importmetadata.p...

CVE-2018-2126810.0

The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. Thi...

CVE-2018-409110.0

An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. I...