A vulnerability has been identified in Nucleus NET (All...
Moderate severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Apr 22, 2021
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Jan 29, 2023
A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (versions including affected DNS modules), Nucleus ReadyStart (All versions < V2013.08), Nucleus Source Code (versions including affected DNS modules), VSTAR (versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.
References