CVE-2024-50594
📋 TL;DR
An integer underflow vulnerability in STMicroelectronics X-CUBE-AZRTOS-WL HTTP server PUT request handling allows denial of service attacks. Attackers can send specially crafted network packets to crash the HTTP server component. This affects devices running the NetX Duo Web Component HTTP Server implementation in X-CUBE-AZRTOS-WL 2.0.0.
💻 Affected Systems
- STMicroelectronics X-CUBE-AZRTOS-WL
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete HTTP service disruption leading to denial of service for all web services on affected devices, potentially requiring device reboot to restore functionality.
Likely Case
HTTP server crash causing temporary service interruption for web-based interfaces or APIs on embedded devices.
If Mitigated
Minimal impact where affected devices are network-segmented and monitoring flags anomalous PUT request patterns.
🎯 Exploit Status
Exploitation requires crafting specific network packets but no authentication is needed. The vulnerability is in the HTTP PUT request handler.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check STMicroelectronics security advisories for updated version
Vendor Advisory: https://www.st.com
Restart Required: Yes
Instructions:
1. Check the STMicroelectronics security advisory for patch details.
2. Update X-CUBE-AZRTOS-WL to the patched version.
3. Recompile and redeploy firmware to affected devices.
4. Restart devices to apply the changes.
🔧 Temporary Workarounds
Disable HTTP PUT method
Disable PUT request functionality in the HTTP server configuration if it is not required
Modify nx_web_http_server.c to restrict PUT method handling
Network filtering
Block or rate-limit HTTP PUT requests at the network perimeter. The rules below run on a Linux gateway in front of the device (the device itself runs Azure RTOS, not Linux):
# Caution: "PUT" is matched anywhere in the packet payload, so legitimate traffic containing that byte sequence (e.g. "INPUT" in an HTML body) is dropped too
iptables -A INPUT -p tcp --dport 80 -m string --string "PUT" --algo bm -j DROP
# Caution: on port 443 the request line is inside TLS, so a plaintext string match never sees it; filter PUT at a TLS-terminating reverse proxy instead
iptables -A INPUT -p tcp --dport 443 -m string --string "PUT" --algo bm -j DROP
🧯 If You Can't Patch
- Implement network segmentation to isolate affected devices from untrusted networks
- Deploy WAF or reverse proxy to filter malicious HTTP PUT requests before they reach vulnerable devices
🔍 How to Verify
Check if Vulnerable:
Check if system uses X-CUBE-AZRTOS-WL 2.0.0 with NetX Duo Web Component HTTP Server enabled
Check Version:
Check firmware version in device management interface or via STM32CubeProgrammer
Verify Fix Applied:
Verify updated firmware version and test HTTP PUT functionality with fuzzing tools
📡 Detection & Monitoring
Log Indicators:
- HTTP server crash logs
- Unusual volume of PUT requests
- HTTP 400/500 errors following PUT requests
Network Indicators:
- Abnormal PUT request patterns
- HTTP traffic spikes followed by service interruption
- Malformed HTTP headers in PUT requests
SIEM Query:
source="http_server" AND (method="PUT" AND (status>=400 OR bytes_received<0))
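The detection rules above, as an added example that is not from the advisory or the NetX Duo project: it applies the SIEM query (PUT with status >= 400 or negative bytes_received) and the "unusual volume of PUT requests" indicator to constructed log lines. The log format, the 10-second window and the burst threshold are assumptions, not anything the NetX Duo server emits.

```python
import re
from collections import defaultdict

# Assumed log format (not the NetX Duo server's own): <epoch> <client> "<request line>" <status> <bytes_received>
LOG_RE = re.compile(r'^(?P<ts>\d+) (?P<client>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/1\.[01]" '
                    r'(?P<status>\d{3}) (?P<bytes>-?\d+)$')

# Constructed sample lines: one benign PUT, then a burst of failing PUTs from 10.0.0.7.
SAMPLE_LOG = """\
1700000001 10.0.0.9 "PUT /upload HTTP/1.1" 201 1024
1700000002 10.0.0.7 "PUT /upload HTTP/1.1" 400 -1
1700000002 10.0.0.7 "PUT /upload HTTP/1.1" 500 0
1700000003 10.0.0.7 "PUT /upload HTTP/1.1" 500 0
1700000004 10.0.0.7 "PUT /upload HTTP/1.1" 500 0
1700000090 10.0.0.5 "POST /api HTTP/1.1" 404 0
"""

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # lines outside the assumed format are skipped
    rec = m.groupdict()
    for key in ("ts", "status", "bytes"):
        rec[key] = int(rec[key])
    return rec

def suspicious_put(rec):
    """The advisory's SIEM query: method="PUT" AND (status>=400 OR bytes_received<0)."""
    return rec["method"] == "PUT" and (rec["status"] >= 400 or rec["bytes"] < 0)

def put_bursts(records, window=10, threshold=3):
    """Clients that sent more than `threshold` PUTs within any `window` seconds (assumed tuning)."""
    by_client = defaultdict(list)
    for r in records:
        if r["method"] == "PUT":
            by_client[r["client"]].append(r["ts"])
    bursts = {}
    for client, times in by_client.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                bursts[client] = max(bursts.get(client, 0), end - start + 1)
    return bursts

def analyze(text):
    """Return (records matching the SIEM query, per-client PUT burst sizes) for raw log text."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return [r for r in records if suspicious_put(r)], put_bursts(records)
```

Tune `window` and `threshold` from a baseline of the device's normal PUT traffic before alerting on bursts.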