CVE-2024-50385

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-50385
A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2097 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:st:x-cube-azrt-h7rs:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:*:*:*:*:*:*:*
History

05 Sep 2025, 16:42

Type Values Removed Values Added
CPE cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:st:x-cube-azrt-h7rs:1.0.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://talosintelligence.com/vulnerability_reports/TALOS-2024-2097 - () https://talosintelligence.com/vulnerability_reports/TALOS-2024-2097 - Exploit, Third Party Advisory
Summary
  • (es) Existe una vulnerabilidad de denegación de servicio en la funcionalidad del servidor NetX Component HTTP de STMicroelectronics X-Cube-Azrtos-WL 2.0.0. Un paquete de red especialmente manipulado puede conducir a la negación del servicio. Un atacante puede enviar un paquete malicioso para activar esta vulnerabilidad. Esta vulnerabilidad afecta a X-Cube-Azrtos-F7 NetX Duo Component HTTP Server HTTP Server v 1.1.0. Esta implementación del servidor HTTP está contenida en este archivo: X-Cube-Azrtos-F7 \ MiddleWares \ ST \ NetXDUO \ Addons \ Http \ nxd_http_server.c
First Time St x-cube-azrtos-g4
St x-cube-azrtos-wb
St x-cube-azrtos-g0
St x-cube-azrt-h7rs
St x-cube-azrtos-l4
St
St x-cube-azrtos-h7
St x-cube-azrtos-f7
St x-cube-azrtos-l5
St x-cube-azrtos-f4
St x-cube-azrtos-wl

02 Apr 2025, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-02 14:15

Updated : 2025-09-05 16:42

NVD link : CVE-2024-50385

Mitre link : CVE-2024-50385

CVE.ORG link : CVE-2024-50385

JSON object : View

Products Affected

st

  • x-cube-azrt-h7rs
  • x-cube-azrtos-h7
  • x-cube-azrtos-f7
  • x-cube-azrtos-wl
  • x-cube-azrtos-wb
  • x-cube-azrtos-g4
  • x-cube-azrtos-f4
  • x-cube-azrtos-l4
  • x-cube-azrtos-g0
  • x-cube-azrtos-l5
CWE
CWE-459

Incomplete Cleanup

NVD-CWE-noinfo