Description
Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface.
Published: 2026-03-30
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Device Monitoring Studio version 8.10.00.8925 contains an input validation flaw that allows a local attacker to supply an excessively long string to the server connection dialog. The malformed string triggers a crash, causing the application to terminate unexpectedly and interrupting service availability. Only an attacker within the local environment can use this vulnerability to deny service to users of the application. The weakness is identified as a boundary value error and is cataloged as CWE-1316.

Affected Systems

The flaw affects only the Device Monitoring Studio product from HDD Software, specifically version 8.10.00.8925. No other product versions or vendors are listed as impacted in the provided data.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity risk, and the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not part of the CISA Known Exploited Vulnerabilities catalog. Attackers must have local access to the machine and use the Tools menu to enter a malformed server name or address. Exploitability is straightforward, requiring no special permissions beyond local user rights.

Generated by OpenCVE AI on April 8, 2026 at 17:54 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Check for and install any vendor-supplied updates that address this denial-of-service issue.
  • If no update is available, restrict the use of Device Monitoring Studio to trusted users or disable the Tools > Connect to New Server feature.
  • Monitor application logs for crashes and ensure that critical monitoring services are provided through redundant or high-availability configurations.


Advisories

No advisories yet.

History

Wed, 08 Apr 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hhdsoftware |
| | | Hhdsoftware device Monitoring Studio |
| CPEs | | `cpe:2.3:a:hhdsoftware:device_monitoring_studio:8.10.00.8925:*:*:*:*:*:*:*` |
| Vendors & Products | | Hhdsoftware |
| | | Hhdsoftware device Monitoring Studio |

Wed, 01 Apr 2026 02:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Hdd |
| | | Hdd device Monitoring Studio |
| Vendors & Products | | Hdd |
| | | Hdd device Monitoring Studio |

Mon, 30 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Mon, 30 Mar 2026 11:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing repeated characters through the Tools menu Connect to New Server interface. |
| Title | | Device Monitoring Studio 8.10.00.8925 Denial of Service |
| Weaknesses | | CWE-1316 |
| References | | |
| Metrics | | cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` |
| | | cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}` |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T15:59:12.396Z

Reserved: 2026-03-30T10:57:02.702Z

Link: CVE-2019-25655

Vulnrichment

Updated: 2026-03-30T15:59:07.241Z

NVD

Status: Analyzed

Published: 2026-03-30T12:16:18.380

Modified: 2026-04-08T16:12:14.340

Link: CVE-2019-25655

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T20:00:37Z

Weaknesses