CVE-2025-0657

ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range

Description

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380, allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visibility.

INFO

Published Date :

2025-11-27T01:00:59.653Z

Last Modified :

2025-11-28T19:34:27.510Z

Source :

Carrier

AFFECTED PRODUCTS

The following products are affected by CVE-2025-0657 vulnerability.

Vendors	Products
Carrier	Automatedlogic Webctrl I-vu

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0657.

URL	Resource
https://www.corporate.carrier.com/product-security/advisories-resources/

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability