CVE-2024-25393 – A stack buffer overflow vulnerability in RT-Thr... (How to Fix)

Q: What is the severity of CVE-2024-25393?

CVE-2024-25393 has a CVSS score of 9.8 (CRITICAL). A stack buffer overflow vulnerability in RT-Thread's AT command server component allows remote code execution. This affects all systems running RT-Thread RTOS with AT server functionality enabled. Attackers can exploit this to take complete control of affected devices.

📋 TL;DR

A stack buffer overflow vulnerability in RT-Thread's AT command server component allows remote code execution. This affects all systems running RT-Thread RTOS with AT server functionality enabled. Attackers can exploit this to take complete control of affected devices.

💻 Affected Systems

Products:

RT-Thread Real-Time Operating System

Versions: All versions through 5.0.2

Operating Systems: RT-Thread RTOS

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with AT server functionality enabled. Many IoT/embedded devices use this feature for modem/network communication.

📦 What is this software?

Rt Thread by Rt Thread

View all CVEs affecting Rt Thread →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote unauthenticated attacker gains full system control, executes arbitrary code, and potentially pivots to other network devices.

🟠

Likely Case

Remote code execution leading to device compromise, data theft, or integration into botnets.

🟢

If Mitigated

Denial of service or system instability if exploit attempts are blocked but successful execution is prevented.

🌐 Internet-Facing: HIGH - AT server functionality is often exposed to networks, making internet-facing devices particularly vulnerable.

🏢 Internal Only: HIGH - Even internally, this vulnerability allows lateral movement and privilege escalation within networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Technical details and proof-of-concept are publicly available. The vulnerability is straightforward to exploit given its stack buffer overflow nature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0.3 and later

Vendor Advisory: https://github.com/RT-Thread/rt-thread/issues/8288

Restart Required: Yes

Instructions:

1. Update RT-Thread to version 5.0.3 or later. 2. Rebuild and redeploy the firmware. 3. Restart affected devices.

🔧 Temporary Workarounds

Disable AT Server

all

Disable the vulnerable AT server component if not required for device functionality.

Disable AT_SERVER in RT-Thread configuration (menuconfig or Kconfig)

Network Segmentation

all

Isolate devices with AT server functionality from untrusted networks.

Implement firewall rules to restrict access to AT server ports

🧯 If You Can't Patch

Implement strict network access controls to limit who can communicate with AT server ports
Deploy intrusion detection/prevention systems to monitor for buffer overflow attempts

🔍 How to Verify

Check if Vulnerable:

Check RT-Thread version and verify AT server is enabled in configuration.

Check Version:

Check RT-Thread version in source code or firmware metadata

Verify Fix Applied:

Verify RT-Thread version is 5.0.3 or later and review source code for proper bounds checking in net/at/src/at_server.c.

📡 Detection & Monitoring

Log Indicators:

AT server crash logs
Stack corruption warnings
Unexpected device reboots

Network Indicators:

Unusual traffic patterns to AT server ports
Malformed AT commands exceeding expected length

SIEM Query:

Search for: 'AT server crash' OR 'stack overflow' OR device_id IN (list_of_rt_thread_devices) AND (unexpected_restart OR memory_error)

📊 Metadata

CVE ID: CVE-2024-25393

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-121

Published: March 27, 2024

Last Updated: November 4, 2025

🔗 References

http://www.openwall.com/lists/oss-security/2024/03/05/1 Mailing List
https://github.com/RT-Thread/rt-thread/issues/8288 Issue Tracking
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt Third Party Advisory
https://seclists.org/fulldisclosure/2024/Mar/28 Mailing List
https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ Third Party Advisory
http://seclists.org/fulldisclosure/2024/Mar/28
http://www.openwall.com/lists/oss-security/2024/03/05/1 Mailing List
https://github.com/RT-Thread/rt-thread/issues/8288 Issue Tracking
https://github.com/hnsecurity/vulns/blob/main/HNS-2024-05-rt-thread.txt Third Party Advisory
https://seclists.org/fulldisclosure/2024/Mar/28 Mailing List
https://security.humanativaspa.it/multiple-vulnerabilities-in-rt-thread-rtos/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-25393, you might also want to check these: