Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
AnalysisAI
Network-accessible denial-of-service vulnerability in tone measurement response buffer processing that occurs when buffer contents fall outside expected range parameters, resulting in application/service crashes. The vulnerability affects systems implementing tone measurement protocols with improper input validation on buffer boundaries. An unauthenticated remote attacker can trigger this vulnerability with minimal complexity, causing service unavailability; however, without CVE details indicating active KEV status or public PoC availability, real-world exploitation likelihood remains moderate despite the high CVSS 7.5 score.
Technical ContextAI
This vulnerability stems from CWE-126 (Buffer Over-read), a memory safety issue where code reads data beyond intended buffer boundaries without proper validation. The specific context involves tone measurement response processing—likely used in audio, telecommunications, or signal processing systems. The vulnerability manifests when the tone measurement protocol receives a response buffer with out-of-range values that the application fails to validate before processing. The absence of bounds checking on the response buffer allows reading beyond allocated memory, causing undefined behavior and denial of service. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates the vulnerability is exploitable over the network without authentication or user interaction, suggesting the tone measurement service is directly exposed to network input without intermediate validation layers.
RemediationAI
Specific patch versions are not provided in the available data. General remediation steps: (1) Obtain vendor patches: Contact your equipment/software vendor for CVE-2025-27029 security updates; apply patches immediately to all affected systems; (2) Input validation workaround: If patching is delayed, implement network-level input validation to reject tone measurement responses outside expected value ranges before they reach vulnerable processing code; (3) Network segmentation: Restrict network access to tone measurement services to trusted internal networks only, reducing attack surface until patches are deployed; (4) Service monitoring: Implement alerting on service crashes and abnormal tone measurement request patterns to detect exploitation attempts; (5) Vendor advisory consultation: Review the vendor's security advisory (typically available via CVE database links) for version-specific patch availability and additional mitigation recommendations.
More in Fastconnect 7800 Firmware
View allQualcomm GPU micronode contains a memory corruption vulnerability (CVE-2025-21480, CVSS 8.6) caused by unauthorized comm
A second Qualcomm GPU micronode memory corruption vulnerability (CVE-2025-21479, CVSS 8.6) exists in the unauthorized co
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memo
Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory
Cryptographic issue occurs due to use of insecure connection method while downloading.
Memory corruption while taking snapshot when an offset variable is set by camera driver. Rated high severity (CVSS 8.4),
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Memory corruption while decoding of OTA messages from T3448 IE. Rated high severity (CVSS 8.2), this vulnerability is re
Information disclosure may occur during a video call if a device resets due to a non-conforming RTCP packet that doesn`t
CVE-2024-53026 is an information disclosure vulnerability in IMS (IP Multimedia Subsystem) implementations affecting VoL
CVE-2024-53021 is an information disclosure vulnerability in RTCP (Real-time Transport Control Protocol) packet processi
CVE-2024-53020 is an information disclosure vulnerability in RTP (Real-time Transport Protocol) packet processing that o
Same weakness CWE-126 – Buffer Over-read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16702