CVE-2020-25189
published 2020-11-21


Priority: P262 | Severity: critical | Score: 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.54% (83.0th percentile)
The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).

Affected

2 ranges
Vendor | Product | Version range | Fixed in
paradox | ip150_firmware | |
paradox | ip150_firmware | |

Detection & IOCs (extracted from sources)

  • The target device is the Paradox IP150 running firmware version 5.02.09; exploitation attempts take the form of unauthenticated remote traffic directed at IP150 devices on the network that triggers a stack-based buffer overflow
  • CVE-2020-25189 requires no authentication (PR:N, UI:N per the CVSS vector); any unauthenticated inbound connection to an IP150 device should be treated as suspicious and monitored for oversized input payloads indicative of buffer overflow attempts
  • Update A broadened the affected scope from firmware version 5.02.09 only to ALL firmware versions of the Paradox IP150; detection and patching scope should cover all deployed firmware versions, not just 5.02.09
  • No known public exploits specifically targeted these vulnerabilities at the time of advisory publication; however, the low attack complexity (AC:L) and the no-authentication requirement make exploitation straightforward if a device is internet-exposed

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P