CVE-2021-37740

Sažetak

A denial of service vulnerability exists in MDT's firmware for the KNXnet/IP Secure router SCN-IP100.03 and KNX IP interface SCN-IP000.03 before v3.0.4, that allows a remote attacker to turn the device unresponsive to all requests on the KNXnet/IP Secure layer, until the device is rebooted, via a SESSION_REQUEST frame with a modified total length field.

Reference

https://www.mdt.de/download/MDT_CL_SCN_IP_03_IP_Interface_Router.pdf
https://github.com/robertguetzkow/CVE-2021-37740
https://www.mdt.de/EN_IP_Interface_Router.html

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

03-05-2022 - 18:07

Objavljeno

20-04-2022 - 20:15