Rkolandaivel

**Name of the Vulnerable Software and Affected Versions** Azure RTOS NetX Duo versions prior to 6.3.0 **Description** The issue affects Azure RTOS NetX Duo, a TCP/IP network stack for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities. The affected components include processes related to `ftp` and `sntp`. **Recommendations** For Azure RTOS NetX Duo versions prior to 6.3.0, upgrade to NetX Duo release 6.3.0 to resolve the issue. As a temporary workaround, consider disabling the `ftp` and `sntp` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS NetX Duo versions 6.2.1 and below **Description** The issue affects Azure RTOS NetX Duo, a TCP/IP network stack for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities. The affected components include processes/functions related to `snmp`, `smtp`, `ftp`, and `dtls`. **Recommendations** For Azure RTOS NetX Duo versions 6.2.1 and below, upgrade to NetX Duo release 6.3.0 to resolve the issue. As a temporary workaround, consider disabling the affected components, such as `snmp`, `smtp`, `ftp`, and `dtls`, until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS NetX Duo versions 6.2.1 and below **Description** The issue is related to an out-of-bounds write in Azure RTOS NetX Duo that could lead to remote code execution. The affected components include processes related to the IGMP protocol. **Recommendations** For Azure RTOS NetX Duo versions 6.2.1 and below, upgrade to NetX Duo release 6.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the IGMP protocol-related processes until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS USBX versions 6.2.1 and below **Description** Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to out of bounds write vulnerabilities in Azure RTOS USBX. The affected components include functions/processes in host and device classes, related to CDC ECM and RNDIS. **Recommendations** For Azure RTOS USBX versions 6.2.1 and below, upgrade to USBX release 6.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the host and device classes, specifically those related to CDC ECM and RNDIS, until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** Azure RTOS NetX Duo versions 6.2.1 and below **Description** The issue is related to a memory overflow vulnerability in the Azure RTOS NetX Duo TCP/IP network stack, which can be exploited by an attacker to achieve remote code execution. The affected components include processes related to `icmp`, `tcp`, `snmp`, `dhcp`, `nat`, and `ftp`. **Recommendations** For Azure RTOS NetX Duo versions 6.2.1 and below, upgrade to NetX Duo release 6.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components, such as disabling the `icmp`, `tcp`, `snmp`, `dhcp`, `nat`, and `ftp` functions until the upgrade is applied. Note that there are no known workarounds for this vulnerability apart from upgrading to the fixed release.