CVE-2024-50384
📋 TL;DR
A denial of service vulnerability in STMicroelectronics X-CUBE-AZRTOS-WL NetX Component HTTP server allows attackers to crash the server by sending specially crafted network packets. This affects embedded systems using the vulnerable HTTP server implementation in X-CUBE-AZRTOS-F7 NetX Duo Web Component. The vulnerability can disrupt HTTP services on affected devices.
💻 Affected Systems
- STMicroelectronics X-CUBE-AZRTOS-WL
- X-CUBE-AZRTOS-F7 NetX Duo Web Component
⚠️ Risk & Real-World Impact
Worst Case
Complete HTTP service disruption requiring device reboot, potentially affecting critical embedded systems functionality
Likely Case
HTTP service crashes on affected devices, requiring manual restart to restore functionality
If Mitigated
Minimal impact if devices are behind firewalls with packet filtering or have automatic restart mechanisms
🎯 Exploit Status
Attack requires network access to HTTP server port; no authentication needed
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check STMicroelectronics security advisory for updated version
Vendor Advisory: https://www.st.com/en/embedded-software/x-cube-azrtos-wl.html
Restart Required: Yes
Instructions:
1. Check STMicroelectronics security advisory for patch details
2. Update X-CUBE-AZRTOS-WL to patched version
3. Recompile and redeploy firmware to affected devices
4. Restart devices to apply changes
🔧 Temporary Workarounds
Network Access Control
Linux: Restrict network access to the HTTP server port using firewall rules on an upstream Linux gateway or firewall (the rules below cannot run on the STM32/ThreadX device itself). Note that as written these rules drop all inbound traffic to ports 80 and 443; add ACCEPT rules for trusted management hosts before them if the HTTP service must remain reachable.
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
HTTP Server Disable
All platforms: Disable the HTTP server if it is not required
Modify the firmware configuration to disable the NX_WEB_HTTP_SERVER_ENABLE flag, then rebuild and redeploy the firmware
🧯 If You Can't Patch
- Implement network segmentation to isolate affected devices from untrusted networks
- Deploy intrusion detection systems to monitor for malicious HTTP packets
🔍 How to Verify
Check if Vulnerable:
Check the firmware version and confirm whether the build includes nx_web_http_server.c from a vulnerable release of the NetX Duo Web component
Check Version:
Check firmware version string or consult device documentation
Verify Fix Applied:
Confirm that the updated firmware version is running on the device and that the HTTP server remains available when tested with malformed requests in a controlled test environment
📡 Detection & Monitoring
Log Indicators:
- HTTP server crash logs
- Unexpected service restarts
- High volume of malformed HTTP requests
Network Indicators:
- Malformed HTTP packets to port 80/443
- Unusual traffic patterns to embedded device HTTP ports
SIEM Query:
source="embedded-device" AND (event="http_crash" OR event="service_restart")