CVE-2022-42982

BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.
References
Link Resource
https://igs.bkg.bund.de/ntrip/bkgcaster Product Vendor Advisory
https://cve.mahi.be/bkg_ntrip_udp/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:bund:bkg_professional_ntripcaster:*:*:*:*:*:*:*:*

Information

Published : 2022-11-17 05:15

Updated : 2022-11-21 07:41


NVD link : CVE-2022-42982

Mitre link : CVE-2022-42982

Products Affected
No products.
CWE