CVE-2024-56316

Name of the Vulnerable Software and Affected Versions AXESS ACS (Auto Configuration Server) versions prior to 5.2.0

Description The issue is related to unsanitized user input in the TR069 API, which allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service.

Recommendations For AXESS ACS (Auto Configuration Server) versions prior to 5.2.0, as a temporary workaround, consider disabling the TR069 API until a patch is available. Restrict access to the TR069 API on TCP port 9675 or 7547 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.