Cyber Resilience

CVE-2024-56316

HighDDoS

Published: 27 January 2025

Published
27 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0108 78.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56316 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Y Security (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2024-56316 is a denial-of-service vulnerability in AXESS ACS (Auto Configuration Server) versions through 5.2.0, caused by unsanitized user input in the TR069 API. Remote attackers can send crafted TR069 requests to TCP ports 9675 or 7547, triggering a permanent DoS condition. The issue is rated with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-770 (Allocation of Resources Without Limits or Throttling).

Remote unauthenticated attackers with network access to the targeted ports can exploit this vulnerability. Successful exploitation leads to a permanent DoS state in the ACS, where the service becomes unavailable and cannot be restored by rebooting the system.

The advisory from y-sec provides further details on the vulnerability at https://www.y-security.de/news-en/axess-auto-configuration-server-denial-of-service-cve-2024-56316/. No patches or specific mitigations beyond general exposure reduction are detailed in available information, and rebooting does not resolve the condition.

EU & UK References

Vulnerability details

In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve…

more

the permanent Denial of Service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

CVE enables remote exploitation of public-facing ACS (T1190) via crafted TR-069 requests, directly causing application DoS through resource exhaustion (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40395Shared CWE-770
CVE-2026-28461Shared CWE-770
CVE-2020-37067Shared CWE-770
CVE-2025-1257Shared CWE-770
CVE-2025-24312Shared CWE-770
CVE-2026-5439Shared CWE-770
CVE-2026-30946Shared CWE-770
CVE-2026-20103Shared CWE-770
CVE-2026-29181Shared CWE-770
CVE-2026-32011Shared CWE-770

Affected Assets

Y Security
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the root cause by requiring validation of unsanitized TR069 API inputs to prevent crafted requests from triggering permanent resource exhaustion.

prevent

Implements denial-of-service protections such as rate limiting and throttling to block resource depletion from crafted TR069 requests on ports 9675 and 7547.

preventdetect

Enforces boundary protection to monitor, filter, and control network traffic to vulnerable TR069 ports, mitigating remote unauthenticated access.

References