PT-2022-26692 · Bkg · Bkg Professional Ntripcaster

Published: 2022-11-17 · Updated: 2025-04-30 · CVE-2022-42982

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

BKG Professional NtripCaster version 2.0.39

Description

The issue allows querying information over the UDP protocol without authentication. The NTRIP sourcetable, which is typically quite long, can be requested with a small packet, presenting a vector for UDP amplification attacks. Normally, only authenticated streaming data is provided over UDP.

Recommendations

For version 2.0.39, consider restricting access to the UDP protocol to prevent unauthorized queries of the NTRIP sourcetable until a patch is available. As a temporary workaround, disabling the ability to request the sourcetable over UDP can help minimize the risk of UDP amplification attacks.

Fix

Weakness Enumeration

Missing Authentication

Related Identifiers

CVE-2022-42982

Affected Products

Bkg Professional Ntripcaster