PT-2026-35973 · Aws · Freertos-Plus-Tcp

Eun0Us · Published 2026-04-29 · Updated 2026-05-04 · CVE-2026-7422

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

FreeRTOS-Plus-TCP versions prior to 4.2.6
FreeRTOS-Plus-TCP versions prior to 4.4.1

Description

Insufficient packet validation allows an adjacent network actor to bypass checksum and minimum-size validation. This occurs because the loopback detection mechanism skips all input validation for packets where the Ethernet source MAC address is spoofed to match one of the device's own registered endpoints.

Recommendations

Upgrade to version 4.2.6 or later.
Upgrade to version 4.4.1 or later.
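
A minimal model of the flaw class in the description, as an added example: it is not FreeRTOS-Plus-TCP code and not the project's actual fix. All names, the MAC address and both frames are constructed, and the hardened variant assumes the stack can mark frames it transmitted itself with an out-of-band flag (`from_local_tx`, hypothetical).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN 14u
#define IP_HDR_LEN  20u   /* simplification: IPv4 header without options */

/* Constructed endpoint MAC for this example. */
static const uint8_t OWN_MAC[6] = {0x02, 0x00, 0x00, 0xAA, 0xBB, 0xCC};

/* Constructed frames: dst MAC, src MAC, EtherType 0x0800, IPv4 header. */
const uint8_t PEER_FRAME[34] = {          /* other source MAC, valid checksum */
    0x02,0x00,0x00,0xAA,0xBB,0xCC, 0x02,0x00,0x00,0x11,0x22,0x33, 0x08,0x00,
    0x45,0x00,0x00,0x14,0x00,0x00,0x00,0x00,0x40,0x11,0xF9,0x85,
    0xC0,0xA8,0x00,0x01,0xC0,0xA8,0x00,0x02};
const uint8_t SPOOFED_FRAME[34] = {       /* src == OWN_MAC, checksum zeroed */
    0x02,0x00,0x00,0xAA,0xBB,0xCC, 0x02,0x00,0x00,0xAA,0xBB,0xCC, 0x08,0x00,
    0x45,0x00,0x00,0x14,0x00,0x00,0x00,0x00,0x40,0x11,0x00,0x00,
    0xC0,0xA8,0x00,0x01,0xC0,0xA8,0x00,0x02};

/* Minimum-size check plus IPv4 header checksum (one's-complement sum). */
static bool frame_is_valid(const uint8_t *d, size_t n) {
    if (n < ETH_HDR_LEN + IP_HDR_LEN) return false;
    uint32_t sum = 0;
    for (size_t i = ETH_HDR_LEN; i < ETH_HDR_LEN + IP_HDR_LEN; i += 2)
        sum += (uint32_t)((d[i] << 8) | d[i + 1]);
    while (sum >> 16) sum = (sum & 0xFFFFu) + (sum >> 16);
    return sum == 0xFFFFu;
}

/* Flawed pattern: loopback is inferred from the sender-controlled source MAC,
 * so a matching source address skips every check. */
bool accept_flawed(const uint8_t *d, size_t n) {
    if (n >= ETH_HDR_LEN && memcmp(d + 6, OWN_MAC, 6) == 0) return true;
    return frame_is_valid(d, n);
}

/* Hardened pattern (assumption): only a flag set by the local transmit path,
 * never frame contents, may exempt a frame from validation. */
bool accept_hardened(const uint8_t *d, size_t n, bool from_local_tx) {
    if (from_local_tx) return true;
    return frame_is_valid(d, n);
}
```

The point for reviewers of similar receive paths: any field carried inside the frame is attacker-controlled on the local segment and cannot be used to decide whether validation applies.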

Fix

Authentication Bypass by Spoofing


Weakness Enumeration

Related Identifiers

CVE-2026-7422

Affected Products

Freertos-Plus-Tcp