Impact
A network attacker can send traffic with very small HTTP headers to the Regesta Smart HD‑PLC web interface, a technique known as Slow Loris, causing the device to exhaust connection resources and become unresponsive. The flaw is a classic resource exhaustion vulnerability (CWE‑770), resulting in service denial for anyone attempting to access the device’s management interface. No data theft or privilege escalation is indicated in the description.
Affected Systems
The vulnerability affects Teldat’s Regesta Smart HD‑PLC TLDPH16D2 running software version 11.02.05.10.02. The vendor has released version 11.02.06.00.02, which removes the flaw. The device is identified by the CPE tag for Teldat Regesta Smart HD‑PLC TLDPH16D2 at the stated version.
Risk and Exploitability
The CVSS score of 6.9 places the issue in the medium severity range, while the EPSS score of less than 1% indicates a very low likelihood that this vulnerability is actively exploited. The flaw is not listed in the CISA KEV catalog. The likely attack vector is remote network access to the device’s HTTP interface, with no authentication required or registration needed for the exploit to work.
OpenCVE Enrichment