CVE-2020-36872
BACnet Test Server 1.01 Malformed BVLC Length DoS
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
BACnet Test Server versions up to and including 1.01 contains a remote denial of service vulnerability in its BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated attacker can send a malformed BVLC Length value to trigger an access violation and crash the application, resulting in a denial of service.
| CWE | CWE-400 |
| Vendor | bacnet interoperability test services, inc. |
| Product | bacnet test server |
| Published | Nov 26, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for bacnet interoperability test services, inc. bacnet test server
Be the first to know when new unknown vulnerabilities affecting bacnet interoperability test services, inc. bacnet test server are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
BACnet Interoperability Test Services, Inc. / BACnet Test Server
0 โค 1.01
References
zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5597.php exploit-db.com: https://www.exploit-db.com/exploits/48860 packetstormsecurity.com: https://packetstormsecurity.com/files/159504 cxsecurity.com: https://cxsecurity.com/issue/WLB-2020100045 bac-test.com: https://www.bac-test.com/ vulncheck.com: https://www.vulncheck.com/advisories/bacnet-test-server-malformed-bvlc-length-dos
Credits
Gjoko Krstic of Zero Science Lab