Vulnerability Description
BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bund | Bkg Professional Ntripcaster | <= 2.0.39 |
Related Weaknesses (CWE)
References
- https://cve.mahi.be/bkg_ntrip_udp/Third Party Advisory
- https://igs.bkg.bund.de/ntrip/bkgcasterProductVendor Advisory
- https://cve.mahi.be/bkg_ntrip_udp/Third Party Advisory
- https://igs.bkg.bund.de/ntrip/bkgcasterProductVendor Advisory
FAQ
What is CVE-2022-42982?
CVE-2022-42982 is a vulnerability with a CVSS score of 7.5 (HIGH). BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a pa...
How severe is CVE-2022-42982?
CVE-2022-42982 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-42982?
Check the references section above for vendor advisories and patch information. Affected products include: Bund Bkg Professional Ntripcaster.