CVE-2018-25237 in Hirschmann HiSecOS Classic Firewallinfo

Summary

Hirschmann HiSecOS devices versions prior to 05.3.03 contain a buffer overflow vulnerability in the HTTPS login interface when RADIUS authentication is enabled that allows remote attackers to crash the device or execute arbitrary code by submitting a password longer than 128 characters. Attackers can exploit improper bounds checking in password handling to overflow a fixed-size buffer and achieve denial of service or remote code execution.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

VulnCheck

Reservation

04/03/2026

Disclosure

04/04/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
355215Belden Hirschmann HiSecOS Classic Firewall HTTPS Login buffer overflow120Not definedOfficial fixCVE-2018-25237

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!