PT-2025-14500 · Stmicroelectronics · Stmicroelectronics X-Cube-Azrtos-Wl+1
Kelly Patterson
·
Published
2025-04-02
·
Updated
2025-09-05
·
CVE-2024-50384
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0
STMicroelectronics X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server version 1.1.0
Description
A denial of service issue exists in the NetX Component HTTP server functionality. This can be triggered by a specially crafted network packet, allowing an attacker to send a malicious packet and cause a denial of service. The vulnerable HTTP server implementation is contained in the file
nx web http server.c.Recommendations
For STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0, consider disabling the HTTP server functionality until a patch is available.
For STMicroelectronics X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server version 1.1.0, restrict access to the
nx web http server.c file to minimize the risk of exploitation.Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Stmicroelectronics X-Cube-Azrtos-F7 Netx Duo Web Component Http Server
Stmicroelectronics X-Cube-Azrtos-Wl