PT-2021-19563 · Unknown · Capital Embedded Ar Classic 431-422+1

Published

2021-11-09

Updated

2024-10-08

CVE-2021-31882

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Capital Embedded AR Classic 431-422 versions all Capital Embedded AR Classic R20-11 versions all prior to V2303

Description: A vulnerability has been identified where the DHCP client application does not validate the length of the Domain Name Server IP option(s) (0x06) when processing DHCP ACK packets. This may lead to Denial-of-Service conditions.

Recommendations: For Capital Embedded AR Classic 431-422, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Capital Embedded AR Classic R20-11 versions prior to V2303, update to version V2303 or later to resolve the issue.

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2021-31882

Affected Products

Capital Embedded Ar Classic 431-422

Capital Embedded Ar Classic R20-11

PT-2021-19563 · Unknown · Capital Embedded Ar Classic 431-422+1

CVE-2021-31882

Weakness Enumeration

Related Identifiers

Affected Products

References · 8