CVE-2024-50385 in X-CUBE-AZRT-H7RS
Summary
by MITRE • 04/02/2025
A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 09/05/2025
The vulnerability identified as CVE-2024-50385 represents a critical denial of service weakness within the NetX Component HTTP server implementation of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0 software stack. This flaw specifically impacts the X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server version 1.1.0, which is embedded within the middleware layer of the STMicroelectronics automotive and IoT development ecosystem. The vulnerability manifests through a carefully crafted network packet that can induce system-wide service disruption, effectively rendering the targeted device or system inaccessible to legitimate users and services. The affected component resides in the x-cube-azrtos-f7\Middlewares\ST\etxduo\addons\http\xd_http_server.c file, making it a core element of the HTTP server functionality that handles network communications for embedded applications.
The technical root cause of this vulnerability lies in insufficient input validation and improper handling of malformed network packets within the HTTP server's parsing routines. When the vulnerable HTTP server processes a specially constructed packet, it fails to properly validate the incoming data structure, leading to potential memory corruption, stack overflow conditions, or resource exhaustion scenarios. This weakness creates an exploitable entry point where an attacker can craft packets that bypass normal protocol handling mechanisms, causing the server to either crash completely or enter a state where it cannot process legitimate requests. The vulnerability operates at the network protocol level, targeting the HTTP server implementation rather than higher-level application logic, which makes it particularly dangerous as it can affect the entire communication infrastructure of devices running this middleware. According to CWE classification, this vulnerability maps to CWE-121, which describes heap-based buffer overflow conditions, or potentially CWE-129, indicating improper validation of buffer access, depending on the exact implementation details of the packet parsing code.
The operational impact of CVE-2024-50385 extends beyond simple service interruption to potentially compromise the availability and reliability of embedded systems in critical applications. In automotive environments where STMicroelectronics solutions are commonly deployed, such as in infotainment systems, telematics units, and vehicle communication modules, this vulnerability could result in complete system unavailability during critical operations. The attack vector requires only network access to the affected device, making it particularly dangerous as remote exploitation becomes possible without physical access or specialized equipment. Devices running this vulnerable HTTP server implementation may experience complete service disruption, requiring manual intervention or system reboot to restore normal operations. The vulnerability affects not just individual devices but potentially entire fleets of connected systems, especially in IoT deployments where multiple devices share similar middleware implementations. Organizations using STMicroelectronics automotive and embedded solutions must consider the potential for cascading failures when this vulnerability is exploited in networked environments.
Mitigation strategies for CVE-2024-50385 should prioritize immediate software updates from STMicroelectronics, as the vendor has likely released patches addressing the specific input validation issues within the HTTP server implementation. Network segmentation and access controls should be implemented to limit exposure of vulnerable systems to untrusted networks, while monitoring solutions should be deployed to detect anomalous packet patterns that may indicate exploitation attempts. The implementation of intrusion detection systems capable of identifying malformed HTTP packets can provide early warning capabilities before full service disruption occurs. Organizations should also consider disabling the HTTP server functionality when it is not actively required, reducing the attack surface for potential exploitation. Additionally, implementing proper input validation at network boundaries and employing robust error handling mechanisms within the application layer can provide defense-in-depth approaches to minimize the impact of similar vulnerabilities. This vulnerability aligns with ATT&CK technique T1499.004, which describes network denial of service attacks, and may also relate to T1595.001 for reconnaissance activities that identify vulnerable systems within the network infrastructure.