CVE-2022-30904

CVSS V2 None CVSS V3 None
Description
In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.
Overview
  • CVE ID
  • CVE-2022-30904
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-01T21:15:08
  • Last Modified Date
  • 2023-02-09T19:47:12
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:bestechnic:bluetooth_mesh_software_development_kit:1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:bestechnic:bes2300:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://docs.google.com/document/d/1is3dYwMcRIkhjvujzi5OgnaGBsQVtlew/edit Exploit Third Party Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 07:05:45 Added to TrackCVE
2023-04-17 07:05:48 Weakness Enumeration new