cvedb.io
CVE-2019-9750
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2019-03-13T19:29:00.347 · Last modified 2026-06-17T02:44:17.000

Summary

In IoTivity through 1.3.1, the CoAP server interface can be used for Distributed Denial of Service attacks using source IP address spoofing and UDP-based traffic amplification. The reflected traffic is 6 times bigger than spoofed requests. This occurs because the construction of a "4.01 Unauthorized" response is mishandled. NOTE: the vendor states "While this is an interesting attack, there is no plan for maintainer to fix, as we are migrating to IoTivity Lite."

Affected products

iotivity — iotivity

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.