CVE-2024-37664 is a vulnerability identified in the Redmi router RB03 running firmware version 1.0.57. The flaw allows an attacker on the same wireless local area network (WLAN) as the victim to disrupt or hijack TCP traffic by sending forged TCP reset (RST) packets. These forged packets cause the router to prematurely evict NAT (Network Address Translation) mappings, which are essential for maintaining active TCP connections between internal clients and external servers. By evicting these mappings, the attacker can forcibly disconnect the victim’s ongoing TCP sessions (causing denial of service) or potentially hijack the traffic by manipulating connection states. The vulnerability is classified under CWE-940, which relates to improper handling of TCP resets. Exploitation requires the attacker to be on the same WLAN, have low privileges, and some user interaction is needed, such as sending crafted packets. The CVSS v3.1 base score is 5.2 (medium severity), reflecting the attack vector as adjacent network (AV:A), low attack complexity (AC:L), requiring privileges (PR:L) and user interaction (UI:R), with impact limited to availability (A:H) and no confidentiality or integrity impact. No patches or exploits are currently publicly available, but the vulnerability poses a risk to network stability and traffic integrity for affected users.

The primary impact of this vulnerability is on the availability of network services for users connected through the affected Redmi router RB03. By evicting NAT mappings via forged TCP RST packets, attackers can cause denial of service by disconnecting active TCP sessions, disrupting business operations, communications, and critical services relying on stable network connections. Additionally, the potential for traffic hijacking could allow attackers to intercept or manipulate data flows, leading to further security risks such as session hijacking or man-in-the-middle attacks. Organizations relying on this router model in environments with shared WLAN access are particularly vulnerable. The disruption could affect remote work, cloud service access, and internal communications. Although the vulnerability does not directly impact confidentiality or integrity, the availability impact can cause operational downtime and loss of productivity. The requirement for local network access limits the attack scope but does not eliminate risk in environments with many users or guest networks.

To mitigate CVE-2024-37664, organizations should first verify if they are using the Redmi router RB03 with firmware version 1.0.57 and monitor for official firmware updates or patches from the vendor. Until a patch is available, network administrators should segment WLANs to restrict access between users, minimizing the risk of an attacker sharing the same wireless network as victims. Implementing strong WLAN access controls, such as WPA3 encryption and client isolation features, can reduce the likelihood of local attackers. Network monitoring tools should be configured to detect unusual TCP RST packet patterns indicative of exploitation attempts. Additionally, consider deploying intrusion detection/prevention systems (IDS/IPS) capable of identifying forged TCP resets. Educate users about the risks of connecting to unsecured or shared WLANs. For critical environments, replacing vulnerable routers with devices from vendors with timely security updates may be necessary. Finally, maintain an inventory of network devices and regularly review their firmware versions and security advisories.