CVE-2024-56316

High

Published: 27 January 2025

Published

27 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0108 78.0th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56316 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Y Security (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the root cause by requiring validation of unsanitized TR069 API inputs to prevent crafted requests from triggering permanent resource exhaustion.

SC-5 Denial-of-service Protection good match

prevent

Implements denial-of-service protections such as rate limiting and throttling to block resource depletion from crafted TR069 requests on ports 9675 and 7547.

SC-7 Boundary Protection good match

preventdetect

Enforces boundary protection to monitor, filter, and control network traffic to vulnerable TR069 ports, mitigating remote unauthenticated access.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

CVE enables remote exploitation of public-facing ACS (T1190) via crafted TR-069 requests, directly causing application DoS through resource exhaustion (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve…

the permanent Denial of Service.

Deeper analysisAI

CVE-2024-56316 is a denial-of-service vulnerability in AXESS ACS (Auto Configuration Server) versions through 5.2.0, caused by unsanitized user input in the TR069 API. Remote attackers can send crafted TR069 requests to TCP ports 9675 or 7547, triggering a permanent DoS condition. The issue is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-770 (Allocation of Resources Without Limits or Throttling).

Remote unauthenticated attackers with network access to the targeted ports can exploit this vulnerability. Successful exploitation leads to a permanent DoS state in the ACS, where the service becomes unavailable and cannot be restored by rebooting the system.

The advisory from y-sec provides further details on the vulnerability at https://www.y-security.de/news-en/axess-auto-configuration-server-denial-of-service-cve-2024-56316/. No patches or specific mitigations beyond general exposure reduction are detailed in available information, and rebooting does not resolve the condition.