PT-2025-30289 · NetGear · Netgear Rax80+1

Published

2025-07-21

Updated

2025-07-21

CVE-2025-44650

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Netgear R7000 version 1.3.1.64 10.1.36 Netgear EAX80 version 1.0.1.70 1.0.2

Description The USERLIMIT GLOBAL option is set to 0 in the bftpd.conf configuration file, potentially leading to Denial-of-Service (DoS) attacks when an unlimited number of users connect.

Recommendations For Netgear R7000 version 1.3.1.64 10.1.36, modify the bftpd.conf configuration file to set the USERLIMIT GLOBAL option to a non-zero value. For Netgear EAX80 version 1.0.1.70 1.0.2, modify the bftpd.conf configuration file to set the USERLIMIT GLOBAL option to a non-zero value.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BDU:2025-12674

CVE-2025-44650

Affected Products

Netgear Rax80

Netgear R7000

PT-2025-30289 · NetGear · Netgear Rax80+1

CVE-2025-44650

Weakness Enumeration

Related Identifiers

Affected Products

References · 9