PT-2025-14503 · Netx Duo+1 · Netx Duo+1

Kelly Patterson

Published

2025-04-02

Updated

2025-09-05

CVE-2024-50595

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0

Description An integer underflow issue exists in the HTTP server's PUT request functionality, which can lead to denial of service. This is due to the NetX Duo Component HTTP Server implementation. An attacker can trigger this issue by sending a sequence of malicious packets.

Recommendations For STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0, consider disabling the HTTP server's PUT request functionality until a patch is available. Restrict access to the nxd http server.c file to minimize the risk of exploitation. Avoid using the vulnerable NetX Duo Component HTTP Server implementation in the x-cube-azrtos-f7MiddlewaresST etxduoaddonshttp directory until the issue is resolved.

Exploit

Fix

DoS

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-191

Related Identifiers

CVE-2024-50595

Affected Products

Netx Duo

Stmicroelectronics X-Cube-Azrtos-Wl

PT-2025-14503 · Netx Duo+1 · Netx Duo+1

CVE-2024-50595

Weakness Enumeration

Related Identifiers

Affected Products

References · 9