Buffer Overflow Vulnerability in Bestechnic Bluetooth Mesh SDK (BES2300) V1.0 during Provisioning

Buffer Overflow Vulnerability in Bestechnic Bluetooth Mesh SDK (BES2300) V1.0 during Provisioning

CVE-2022-30904 · HIGH Severity

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.

Learn more about our Web Application Penetration Testing UK.