CVE-2018-25237
Severity: CRITICAL
Hirschmann HiSecOS Buffer Overflow via HTTPS Login
Title source: cna
Description
Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers can exploit improper bounds checking in password handling to overflow a fixed-size buffer and achieve denial of service or remote code execution.
References (2)
Vendor Advisory (vendor-advisory): https://assets.belden.com/m/2d5657b3e5d721c6/original/Security-Bulletin-RADIUS-Authentication-BSECV-2018-04.pdf
Third Party Advisory (third-party-advisory): https://www.vulncheck.com/advisories/hirschmann-hisecos-buffer-overflow-via-https-login
Scores
CVSS v3: 9.8
EPSS: 0.0010
EPSS Percentile: 27.8%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-120
Status: published
Products (2)
Belden/Hirschmann HiSecOS Classic Firewall (EAGLE, EAGLE One): < 05.3.02
Belden/Hirschmann HiSecOS Classic Firewall (EAGLE, EAGLE One): 05.3.03
Published: Apr 03, 2026
Tracked Since: Apr 04, 2026