Axiros AXESS ACS Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Axiros AXESS Auto Configuration Server (ACS) versions 3.11.0, 4.0.0, and 5.0.0 through 5.2.0. The issue arises from unsanitized user input in the TR069 API, which allows remote unauthenticated attackers to send crafted TR069 requests that cause a permanent denial-of-service condition on TCP ports 9675 or 7547. This issue requires manual intervention to resolve, as rebooting the server or service does not restore normal functionality.

Impact

Exploitation of this vulnerability leads to a permanent denial-of-service condition, causing the server to become unresponsive and requiring manual intervention to restore service.

Remediation

Axiros GmbH has released AXESS version 5.2.1, which addresses this vulnerability. Users should update to this version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.