Description

BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.

INFO

Published Date :

2025-11-26T22:13:47.565Z

Last Modified :

2025-11-26T22:13:47.565Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2020-36872 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2020-36872.

URL Resource
https://cxsecurity.com/issue/WLB-2020100045 cve-icon cve-icon
https://packetstormsecurity.com/files/159504 cve-icon cve-icon
https://www.bac-test.com/ cve-icon cve-icon
https://www.exploit-db.com/exploits/48860 cve-icon cve-icon
https://www.vulncheck.com/advisories/bacnet-test-server-malformed-bvlc-length-dos cve-icon cve-icon
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5597.php cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability