Key Vulnerability Information

Title: BACnet Test Server 1.01 Remote Denial of Service Exploit
Advisory ID: ZSL-2020-5597
Type: Local/Remote
Impact: DoS
Risk: (3/5)
Release Date: 06.10.2020

Summary
The BACnet Test Server is vulnerable to a denial of service (DoS) condition: a malformed BVLC Length UDP packet sent to port 47808 causes the application to crash.

Vendor
Name: BACnet Interoperability Test Services, Inc.
URL: https://www.bac-test.com

Affected Version
1.01 (BACnet Stack Version 0.5.7)

Tested On
Microsoft Windows 10 Professional (EN)
Microsoft Windows 7 Professional SP1 (EN)

PoC
bacnet_server_dos.pl

Credits
Vulnerability discovered by Gjoko Krstic

References
1. https://www.exploit-db.com/exploits/48860
2. https://packetstormsecurity.com/files/159504
3. https://cxsecurity.com/issue/WLB-2020100045
4. https://exchange.xforce.ibmcloud.com/vulnerabilities/189567
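A receiver-side check for the field the summary names, as an added example that is not part of the advisory or the vendor's code: it validates the BVLC length against the bytes actually received before any further parsing. The header layout (type 0x81, function, 2-octet big-endian length covering the whole message) is the standard BACnet/IP one; the function names and sample datagrams are constructed, and the advisory does not state the root cause of the crash.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BVLL_TYPE_BACNET_IP 0x81u /* first octet of a BACnet/IP BVLL message */
#define BVLC_HEADER_LEN     4u    /* type, function, 2-octet length */

typedef enum {
    BVLC_OK = 0,
    BVLC_TOO_SHORT,     /* datagram cannot hold the 4-octet header */
    BVLC_BAD_TYPE,      /* not a BACnet/IP BVLL message */
    BVLC_LEN_UNDER_HDR, /* declared length smaller than the header itself */
    BVLC_LEN_MISMATCH   /* declared length differs from bytes received */
} bvlc_status;

/* Validate the BVLC header of one UDP payload before parsing anything else.
 * `received` is the byte count from recvfrom(), never the declared length. */
bvlc_status bvlc_check(const uint8_t *buf, size_t received)
{
    if (buf == NULL || received < BVLC_HEADER_LEN)
        return BVLC_TOO_SHORT;
    if (buf[0] != BVLL_TYPE_BACNET_IP)
        return BVLC_BAD_TYPE;
    size_t declared = ((size_t)buf[2] << 8) | buf[3];
    if (declared < BVLC_HEADER_LEN)
        return BVLC_LEN_UNDER_HDR; /* declared - 4 would wrap if used unchecked */
    if (declared != received)
        return BVLC_LEN_MISMATCH;  /* strict policy: drop, do not truncate */
    return BVLC_OK;
}

/* Octets safe to hand to the NPDU parser, or 0 if the datagram must be dropped. */
size_t bvlc_payload_len(const uint8_t *buf, size_t received)
{
    return bvlc_check(buf, received) == BVLC_OK ? received - BVLC_HEADER_LEN : 0;
}

int main(void)
{
    /* Constructed sample: well-formed 12-octet Original-Broadcast-NPDU (Who-Is). */
    const uint8_t good[] = {0x81,0x0b,0x00,0x0c,0x01,0x20,0xff,0xff,0x00,0xff,0x10,0x08};
    /* Constructed sample: same datagram with a length field that disagrees. */
    const uint8_t bad[]  = {0x81,0x0b,0x00,0x02,0x01,0x20,0xff,0xff,0x00,0xff,0x10,0x08};
    printf("good: status=%d payload=%zu\n", bvlc_check(good, sizeof good), bvlc_payload_len(good, sizeof good));
    printf("bad:  status=%d payload=%zu\n", bvlc_check(bad, sizeof bad), bvlc_payload_len(bad, sizeof bad));
    return 0;
}
```

The same comparison can be applied as a detection rule on captured traffic to UDP port 47808: flag any datagram whose BVLC length field does not equal its UDP payload length.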