PT-2025-14501 · Stmicroelectronics · X-Cube-Azrtos-Wl+1
Kelly Patterson
·
Published
2025-04-02
·
Updated
2025-09-05
·
CVE-2024-50385
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0
STMicroelectronics X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server version 1.1.0
Description
A denial of service issue exists in the NetX Component HTTP server functionality. This can be triggered by a specially crafted network packet, allowing an attacker to send a malicious packet and cause a denial of service. The vulnerable HTTP server implementation is contained in the file
nxd http server.c.Recommendations
For STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0, consider disabling the HTTP server functionality until a patch is available.
For STMicroelectronics X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server version 1.1.0, restrict access to the
nxd http server.c file to minimize the risk of exploitation.Exploit
Fix
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
X-Cube-Azrtos-F7 Netx Duo Component Http Server
X-Cube-Azrtos-Wl