CVE-2022-30904 HIGH

CVE-2022-30904

Vendor N/A
Product n/a
Published February 1, 2023
Last update March 27, 2025

CVSS base score

8.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AC:L/AV:A/A:L/C:H/I:L/PR:L/S:C/UI:N

What the vulnerability does

01Description

In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU.

Key dates

02Disclosure timeline

February 1, 2023 CVE published
March 27, 2025 Record updated