Back

CVE-2024-4292

April 27, 2024, 9:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Contemporary Controls BASrouter BACnet BASRT-B

  • 2.7.2

Source

cna@vuldb.com

Tags

CVE-2024-4292 details

Published : April 27, 2024, 9:15 p.m.
Last Modified : April 27, 2024, 9:15 p.m.

Description

A vulnerability classified as critical has been found in Contemporary Controls BASrouter BACnet BASRT-B 2.7.2. Affected is an unknown function of the component Device-Communication-Control Service. The manipulation with the input 55ff0500370015f30104025506110afb7519035d0841e4bece257b6acfc71f leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262224. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Score

1 2 3 4 5 6.5 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

6.5

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

URL Source
https://github.com/isZzzz/BASRT-B_BACnet_Router_Document/blob/main/BASER-B_backdoor.pcapng cna@vuldb.com
https://github.com/isZzzz/BASRT-B_BACnet_Router_Document/blob/main/BASRT_CVE_apply.pdf cna@vuldb.com
https://vuldb.com/?ctiid.262224 cna@vuldb.com
https://vuldb.com/?id.262224 cna@vuldb.com
https://vuldb.com/?submit.320749 cna@vuldb.com
This website uses the NVD API, but is not approved or certified by it.