CVE-2025-56234
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-28
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nanda_automation_technology | at_na2000 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the AT_NA2000 device from Nanda Automation Technology. It is a denial-of-service flaw related to how the device processes TCP RST packets. The device accepts a wide range of TCP sequence numbers for these packets instead of requiring an exact match to the next expected sequence number, violating RFC5961. Attackers can exploit this by sending multiple random TCP RST packets within the acceptable sequence number range, causing interruptions to normal connections and resulting in a denial-of-service condition.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to disrupt normal network connections to the AT_NA2000 device. By sending crafted TCP RST packets, attackers can cause denial-of-service attacks that interrupt communication and potentially affect the availability and reliability of the device and any systems depending on it.