CVE-2024-50596

4.3 MEDIUM

📋 TL;DR

An integer underflow vulnerability in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL allows attackers to cause denial of service via specially crafted network packets. This affects devices running the NetX Duo Web Component HTTP Server implementation. Embedded systems and IoT devices using this middleware are vulnerable.

💻 Affected Systems

Products:
  • STMicroelectronics X-CUBE-AZRTOS-WL
Versions: 2.0.0
Operating Systems: Embedded RTOS systems using NetX Duo middleware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with HTTP server functionality enabled using the vulnerable NetX Duo Web Component.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system crash or reboot, rendering the device unavailable until manual intervention.

🟠 Likely Case: HTTP server process crashes, disrupting web services while other system functions may continue.

🟢 If Mitigated: Minimal impact with proper network segmentation and monitoring to detect and block malicious packets.

🌐 Internet-Facing: MEDIUM - Devices exposed to the internet are vulnerable to DoS attacks but require specific packet crafting.
🏢 Internal Only: LOW - Internal network exposure reduces the attack surface, but insider threats or compromised internal systems could still exploit it.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific HTTP PUT request packets but no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check STMicroelectronics for updated version

Vendor Advisory: https://www.st.com

Restart Required: Yes

Instructions:

1. Check STMicroelectronics security advisory for patch details
2. Update to patched version of X-CUBE-AZRTOS-WL
3. Rebuild and redeploy firmware
4. Restart affected devices

🔧 Temporary Workarounds

Disable HTTP PUT method (all)

Configure the HTTP server to reject or disable PUT requests if they are not required. Modify the nx_web_http_server.c configuration to restrict the PUT method.

Network filtering (all)

Use firewalls or IPS to block malicious HTTP PUT packets. Configure network devices to inspect and filter HTTP traffic for abnormal PUT requests.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices from untrusted networks.
  • Deploy intrusion detection systems to monitor for exploitation attempts and alert on abnormal HTTP traffic.

🔍 How to Verify

Check if Vulnerable:

Check if system uses X-CUBE-AZRTOS-WL 2.0.0 with NetX Duo Web Component HTTP Server enabled.

Check Version:

Check the firmware version or middleware version in the device configuration.

Verify Fix Applied:

Verify updated firmware version and test HTTP PUT functionality with normal requests.

📡 Detection & Monitoring

Log Indicators:

  • HTTP server crash logs
  • Abnormal process termination
  • Repeated failed HTTP PUT requests

Network Indicators:

  • Malformed HTTP PUT packets
  • Unusual traffic patterns to HTTP ports
  • DoS attack signatures

SIEM Query:

source="http_server" AND (event="crash" OR event="abnormal_termination")
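One way to act on the indicators above, as an added example that is not part of this advisory: a small Python triage script that applies the SIEM condition to key=value log lines and then correlates each crash with PUT requests received from the same client in the preceding minute. The log layout, field names and sample lines are constructed assumptions, not the device's real output.

```python
# Added example (not from the advisory): correlate HTTP server crash events
# with a burst of preceding PUT requests. The key=value log layout is an
# assumption; adapt parse_line() to the device's real log format.
from collections import Counter
from datetime import datetime, timedelta

CRASH_EVENTS = {"crash", "abnormal_termination"}

def parse_line(line):
    """Parse '<ISO-8601 UTC timestamp> key=value ...'; 'ts' becomes a datetime."""
    ts_text, _, rest = line.strip().partition(" ")
    rec = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for token in rest.split():
        key, _, value = token.partition("=")
        rec[key] = value
    return rec

def siem_match(rec):
    """Same condition as the SIEM query (http_server crash/abnormal_termination)."""
    return rec.get("source") == "http_server" and rec.get("event") in CRASH_EVENTS

def correlate_put_crashes(lines, window=timedelta(seconds=60), min_puts=3):
    """Return [(crash_ts, {client: put_count})] for crashes that were preceded,
    within `window`, by at least `min_puts` PUT requests from a single client."""
    records = sorted((parse_line(ln) for ln in lines if ln.strip()), key=lambda r: r["ts"])
    findings = []
    for rec in records:
        if not siem_match(rec):
            continue
        start = rec["ts"] - window
        puts = Counter(r["client"] for r in records
                       if r.get("event") == "request" and r.get("method") == "PUT"
                       and start <= r["ts"] < rec["ts"])
        suspects = {c: n for c, n in puts.items() if n >= min_puts}
        if suspects:
            findings.append((rec["ts"], suspects))
    return findings

# Constructed sample log lines (not real device output).
SAMPLE_LOG = """
2024-11-01T10:00:00Z source=http_server event=request client=10.0.0.8 method=GET status=200
2024-11-01T10:00:05Z source=http_server event=request client=10.0.0.5 method=PUT status=400
2024-11-01T10:00:06Z source=http_server event=request client=10.0.0.5 method=PUT status=400
2024-11-01T10:00:07Z source=http_server event=request client=10.0.0.5 method=PUT status=400
2024-11-01T10:00:08Z source=http_server event=crash reason=watchdog
2024-11-01T10:30:00Z source=http_server event=abnormal_termination code=-11
""".splitlines()
```

On the sample data only the 10:00:08 crash is reported, because the 10:30:00 abnormal termination has no PUT burst in the minute before it.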
