CRITICAL🇵🇱 Wersja polska

CVE-2025-11832

CVSS 10.0v4.0pub. 2025-10-15upd. 2025-11-07

Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

🤖 AI Analysis
How it works

BLU-IC2 and BLU-IC4 devices do not implement mechanisms for limiting or controlling network resource allocation. An attacker, remotely and without any privileges, can send an excessive number of requests or connections, causing device resource exhaustion. The lack of throttling or limits on the device side makes a flooding attack possible by any network entity.

Impact

An attacker can cause the device to become unavailable (denial of service), and due to the maximum impact on the confidentiality, integrity and availability of both the system and its environment — potentially also lead to loss of control over the device and systems associated with it.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references published at https://azure-access.com/security-advisories. Until updates are deployed, it is recommended to restrict network access to BLU-IC2 and BLU-IC4 devices only to trusted hosts through firewall rules or network segmentation.

Who is affected

Azure Access Technology BLU-IC2 in all firmware versions up to and including 1.19.5 and Azure Access Technology BLU-IC4 in all firmware versions up to and including 1.19.5.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Azure Access Blu Ic2

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic2 Firmware

    OS
    Azure-Access
    < 1.20
  • Azure Access Blu Ic4

    HW
    Azure-Access
    wszystkie wersje
  • Azure Access Blu Ic4 Firmware

    OS
    Azure-Access
    < 1.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-12600CRITICAL10.0PL ✓ten sam produkt

Krytyczna podatność Web UI w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12599CRITICAL10.0PL ✓ten sam produkt

Współdzielenie statycznych sekretów SDKSocket w urządzeniach Azure-Access BLU-IC2/IC4

CVE-2025-12601CRITICAL10.0PL ✓ten sam produkt

Podatność DoS (SlowLoris) w Azure-Access BLU-IC2 i BLU-IC4

CVE-2025-12553CRITICAL10.0PL ✓ten sam produkt

Wyłączona weryfikacja certyfikatu serwera e-mail w Azure-Access BLU-IC2/IC4

CVE-2025-12516CRITICAL10.0PL ✓ten sam produkt

Brak obsługi błędów HTTP 5xx w Azure-Access BLU-IC2 i BLU-IC4