CVE-2021-31882
Severity
7.5HIGH
EPSS
1.4%
top 19.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 9
Latest updateMay 24
Description
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions. (FSMD-2021-0011)
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages3 packages
🔴Vulnerability Details
2GHSA▶
GHSA-w2w7-g4vg-h87m: A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACn↗2022-05-24
CVEList▶
CVE-2021-31882: A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303)↗2021-11-09