CVE-2020-25189

9.8 CRITICAL

📋 TL;DR

CVE-2020-25189 covers stack-based buffer overflows in the IP150 that an unauthenticated remote attacker can reach over the network to execute arbitrary code on the device. Firmware version 5.02.09 is affected. The CVSS score of 9.8 (Critical) reflects that the overflows are reachable remotely, require no credentials and give full control of the device.

💻 Affected Systems

Products:
  • IP150
Versions: Firmware version 5.02.09
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the vulnerable firmware version are affected regardless of configuration.

📦 What is this software?

The IP150 is an Internet module made by Paradox Security Systems. It attaches to the company's alarm control panels and exposes a web interface plus a connection for the vendor's management software, so the panel can be monitored and controlled over the LAN or the internet (vendor identification from the CISA advisory referenced below).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete takeover of the IP150 with attacker-controlled code running on the device. Because the module is the network front end for the alarm system behind it, that means interfering with monitoring and control of the panel, and using a rarely patched embedded device as a persistent foothold for pivoting into the internal network.

🟠

Likely Case

Remote code execution leading to device compromise, data theft, surveillance capability, and use as a foothold for further network attacks.

🟢

If Mitigated

Limited impact if device is isolated behind firewalls with strict network segmentation and access controls.

🌐 Internet-Facing: HIGH - Unauthenticated remote exploitation makes internet-facing devices extremely vulnerable to automated attacks.
🏢 Internal Only: HIGH - Even internally, the unauthenticated nature means any network-accessible device is vulnerable to internal threats.

🎯 Exploit Status

Public PoC: ❌ No (none known at time of writing)
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Stack-based overflows reachable without authentication are rated low complexity: no credentials or user interaction are needed, and embedded firmware of this class often ships without stack canaries, ASLR or non-executable stacks, which removes the usual obstacles to turning an overflow into code execution. No public exploit is known, but absence of a PoC should not be read as difficulty.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check the CISA advisory and the vendor for the fixed firmware version

Advisory (CISA ICSA-20-324-02): https://us-cert.cisa.gov/ics/advisories/icsa-20-324-02

Restart Required: Yes

Instructions:

1. Check the current firmware version.
2. Download the latest firmware from the vendor.
3. Apply the firmware update following the vendor's instructions.
4. Reboot the device.
5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

Place IP150 devices on a dedicated VLAN with no route from the internet and no inbound access except from designated management hosts. The vulnerable code is reachable without credentials, so reducing who can reach the device is the only effective control until it is patched.

Firewall Rules

Allowlist, by source address, the hosts permitted to reach the device's web interface and the ports used by the vendor's management software; default-deny everything else, and log denied attempts so they can feed detection.

🧯 If You Can't Patch

  • Immediately isolate affected devices from internet and untrusted networks
  • Implement strict network access controls and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Read the firmware version from the device web interface (or from the vendor's management software). If the version is 5.02.09, the device is vulnerable.

Check Version:

The device web interface and the vendor's management software both report the firmware version; an asset inventory that records it lets you triage many devices at once.

Verify Fix Applied:

Confirm the firmware version reported by the device is the fixed version named by the advisory or vendor, not merely a number later than 5.02.09, and that the device rebooted into it.
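A way to triage an inventory of IP150 devices against the affected version, as an added example (not from the advisory or the vendor). The only fact taken from the page is that firmware 5.02.09 is affected; the inventory records are constructed, and treating older firmware and unreadable version strings as still needing the update is an assumption chosen to avoid silently skipping devices.

```python
"""Flag IP150 devices whose firmware is vulnerable to CVE-2020-25189.

Added example, not from the advisory or the vendor. Inventory records
below are constructed for illustration.
"""
import re

AFFECTED = (5, 2, 9)  # firmware 5.02.09 per the advisory


def parse_version(text):
    """Turn a vendor version string such as '5.02.09' into a tuple of ints.

    Comparing version strings lexically is wrong ('5.2.9' > '5.10.0' as
    strings, and '5.02.09' != '5.02.9'), so compare integer tuples instead.
    Returns None when the string is not a dotted numeric version.
    """
    m = re.fullmatch(r"\s*v?(\d+(?:\.\d+)*)\s*", text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(version_text):
    """True when the firmware is 5.02.09 or older.

    Assumption: the advisory names 5.02.09 as affected and gives no earlier
    safe version, so older firmware is flagged too. Unparseable versions are
    also flagged so that a bad inventory entry is not silently skipped.
    """
    v = parse_version(version_text)
    return v is None or v <= AFFECTED


def triage(inventory):
    """Return [(host, version)] for devices that still need the update."""
    return [(host, ver) for host, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory (not real devices): host name, firmware string
SAMPLE_INVENTORY = [
    ("ip150-lobby", "5.02.09"),
    ("ip150-warehouse", "5.02.14"),
    ("ip150-branch", "v5.01.05"),
    ("ip150-unknown", "n/a"),
]

if __name__ == "__main__":
    for host, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: firmware {ver!r} needs update (CVE-2020-25189)")
```

Run against the real inventory, the output is the list of devices to schedule for the firmware update; anything reported as "n/a" needs a manual look at the device rather than being assumed safe.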

📡 Detection & Monitoring

Log Indicators:

  • Unusual network connections to IP150
  • Multiple failed connection attempts
  • Unexpected firmware or configuration changes

Network Indicators:

  • Unusual traffic patterns to/from IP150 devices
  • Abnormally long or malformed requests to the web interface or management ports, which is what triggering a stack overflow looks like on the wire

SIEM Query:

dest_ip IN (IP150_ADDRESSES) AND dest_port IN (80, 443, VENDOR_MGMT_PORTS) AND NOT src_ip IN (AUTHORIZED_MGMT_HOSTS)

The uppercase tokens are placeholders: fill in the device addresses, the ports used by the vendor's management software, and the hosts allowed to manage the device. Matching only successful connections from anywhere would alert on every legitimate management session; the useful signal is a source outside the allowlist reaching the device at all, and a single source doing so repeatedly.
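The same detection logic run over firewall log lines, as an added example rather than anything from the advisory. The iptables-style log lines, the device address 10.0.20.15, the management subnet 10.0.5.0/28 and the port list are all constructed; ports 80 and 443 come from the page's query, and 10000 is an assumed vendor software port, to be replaced with whatever the management software actually uses.

```python
"""Flag connections to IP150 management ports from hosts that should not
reach them, and sources that hammer the device.

Added example, not part of the advisory. Addresses, ports and log lines
are constructed for illustration.
"""
import ipaddress
import re
from collections import Counter

IP150_HOSTS = {"10.0.20.15"}                 # constructed device address
MGMT_PORTS = {80, 443, 10000}                # 80/443 from the page; 10000 is an assumed vendor port
ALLOWED_SOURCES = [ipaddress.ip_network("10.0.5.0/28")]  # assumed management subnet

# iptables/nftables-style "KEY=value" fields; only the ones we need
KV_RE = re.compile(r"\b(SRC|DST|DPT|PROTO)=(\S+)")


def parse_line(line):
    """Extract SRC/DST/DPT/PROTO from a firewall log line, or None."""
    fields = dict(KV_RE.findall(line))
    if not {"SRC", "DST", "DPT"}.issubset(fields):
        return None
    try:
        fields["DPT"] = int(fields["DPT"])
    except ValueError:
        return None
    return fields


def is_authorized(src):
    """True when the source address sits inside an allowlisted network."""
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in ALLOWED_SOURCES)


def find_suspicious(lines, burst_threshold=5):
    """Return (hits, bursts).

    hits:   (src, dst, port) for every connection to an IP150 management
            port from a source outside the allowlist.
    bursts: {src: count} for sources with at least burst_threshold hits,
            the shape a scan or an exploitation attempt takes.
    """
    hits = []
    for line in lines:
        f = parse_line(line)
        if f is None or f["DST"] not in IP150_HOSTS or f["DPT"] not in MGMT_PORTS:
            continue
        if not is_authorized(f["SRC"]):
            hits.append((f["SRC"], f["DST"], f["DPT"]))
    per_src = Counter(src for src, _, _ in hits)
    bursts = {src: n for src, n in per_src.items() if n >= burst_threshold}
    return hits, bursts


# Constructed sample log: two allowed management sessions, one stray internal
# host, one connection to a different device, one to a non-management port,
# and one external source probing the assumed management port repeatedly.
SAMPLE_LOG = [
    "Nov 19 10:01:02 fw kernel: ALLOW IN=eth0 OUT=eth1 SRC=10.0.5.3 DST=10.0.20.15 PROTO=TCP SPT=51234 DPT=80 SYN",
    "Nov 19 10:01:05 fw kernel: ALLOW IN=eth0 OUT=eth1 SRC=10.0.5.3 DST=10.0.20.15 PROTO=TCP SPT=51240 DPT=10000 SYN",
    "Nov 19 10:02:11 fw kernel: ALLOW IN=eth0 OUT=eth1 SRC=10.0.7.44 DST=10.0.20.15 PROTO=TCP SPT=40001 DPT=80 SYN",
    "Nov 19 10:02:30 fw kernel: ALLOW IN=eth0 OUT=eth1 SRC=10.0.7.44 DST=10.0.20.99 PROTO=TCP SPT=40002 DPT=80 SYN",
    "Nov 19 10:03:00 fw kernel: ALLOW IN=eth0 OUT=eth1 SRC=10.0.7.44 DST=10.0.20.15 PROTO=TCP SPT=40003 DPT=22 SYN",
] + [
    f"Nov 19 10:05:{i:02d} fw kernel: ALLOW IN=eth0 OUT=eth1 SRC=192.0.2.77 DST=10.0.20.15 PROTO=TCP SPT={50000 + i} DPT=10000 SYN"
    for i in range(6)
]

if __name__ == "__main__":
    hits, bursts = find_suspicious(SAMPLE_LOG)
    for src, dst, port in hits:
        print(f"unauthorized {src} -> {dst}:{port}")
    for src, n in bursts.items():
        print(f"burst: {src} hit the IP150 {n} times")
```

The allowlist used here is the same one the firewall rules should enforce; once those rules are in place, feeding the firewall's denied-connection log through this logic turns every blocked attempt into an alert rather than a silent drop.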

🔗 References

  • CISA ICS Advisory ICSA-20-324-02: https://us-cert.cisa.gov/ics/advisories/icsa-20-324-02
  • NVD entry for CVE-2020-25189: https://nvd.nist.gov/vuln/detail/CVE-2020-25189