Vulnerability Description
A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| St | X-Cube-Azrt-H7Rs | 1.0.0 |
| St | X-Cube-Azrtos-F4 | 1.1.0 |
| St | X-Cube-Azrtos-F7 | 1.1.0 |
| St | X-Cube-Azrtos-G0 | 1.1.0 |
| St | X-Cube-Azrtos-G4 | 2.0.0 |
| St | X-Cube-Azrtos-H7 | 3.3.0 |
| St | X-Cube-Azrtos-L4 | 2.0.0 |
| St | X-Cube-Azrtos-L5 | 2.0.0 |
| St | X-Cube-Azrtos-Wb | 2.0.0 |
| St | X-Cube-Azrtos-Wl | 2.0.0 |
Related Weaknesses (CWE)
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2024-2097ExploitThird Party Advisory
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2097
FAQ
What is CVE-2024-50384?
CVE-2024-50384 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service....
How severe is CVE-2024-50384?
CVE-2024-50384 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50384?
Check the references section above for vendor advisories and patch information. Affected products include: St X-Cube-Azrt-H7Rs, St X-Cube-Azrtos-F4, St X-Cube-Azrtos-F7, St X-Cube-Azrtos-G0, St X-Cube-Azrtos-G4.