CVE-2025-44650: n/a
In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.
AI Analysis
Technical Summary
CVE-2025-44650 is a high-severity vulnerability affecting specific firmware versions of Netgear devices, notably the R7000 version 1.3.1.64_10.1.36 and the EAX80 version 1.0.1.70_1.0.2. The vulnerability arises from the configuration of the bftpd (an FTP server daemon) service on these devices, where the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf file. This setting effectively removes any limit on the number of concurrent user connections to the FTP service. As a result, an attacker can initiate a Denial of Service (DoS) attack by opening an unlimited number of FTP connections, exhausting system resources such as memory, CPU, or network sockets, and causing the device to become unresponsive or crash. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that it allows resource exhaustion through improper configuration. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction needed (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N, I:N), but a high impact on availability (A:H). There are no known exploits in the wild at the time of publication, and no patches have been linked yet. This vulnerability is particularly concerning because it can be exploited remotely without authentication or user interaction, making it accessible to a wide range of attackers. The affected devices are commonly used as home or small office routers and Wi-Fi extenders, which often have FTP services enabled for file sharing or firmware updates. The lack of a user connection limit in the FTP daemon configuration is a critical oversight that can be leveraged to disrupt network connectivity and device availability.
Potential Impact
For European organizations, especially small and medium-sized enterprises (SMEs) and home office users relying on Netgear R7000 routers or EAX80 extenders, this vulnerability poses a significant risk to network availability. A successful DoS attack could lead to prolonged network outages, disrupting business operations, remote work, and access to critical resources. The impact is amplified in environments where these devices serve as the primary gateway to the internet or internal networks. Additionally, service providers or managed security service providers (MSSPs) using these devices in customer premises equipment (CPE) could face reputational damage and increased support costs. While the vulnerability does not compromise confidentiality or integrity, the loss of availability can indirectly affect business continuity and compliance with regulations such as GDPR if services are interrupted. The ease of exploitation without authentication means attackers can launch attacks from anywhere on the internet, increasing the threat surface. Given the widespread use of Netgear devices in Europe, the potential for large-scale disruption exists if attackers automate exploitation attempts.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first identify whether they are using the affected Netgear R7000 or EAX80 firmware versions. Immediate steps include disabling the FTP service on these devices if it is not essential, as this removes the attack vector entirely. If FTP functionality is required, administrators should manually edit the bftpd.conf configuration file to set a reasonable USERLIMIT_GLOBAL value, limiting the maximum number of concurrent FTP connections to a safe threshold based on expected usage and device capacity. Network-level controls such as rate limiting and connection throttling on the FTP port (usually port 21) can help mitigate excessive connection attempts. Deploying intrusion detection/prevention systems (IDS/IPS) to monitor for abnormal FTP connection patterns can provide early warning of exploitation attempts. Organizations should also monitor vendor communications for firmware updates or patches addressing this vulnerability and apply them promptly once available. As a longer-term measure, consider replacing affected devices with models that have robust security configurations and regularly updated firmware. Network segmentation can limit the impact of a compromised or DoS-affected device by isolating it from critical infrastructure. Finally, educating users about the risks of enabling unnecessary services on network devices can reduce exposure.
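As an added illustration of the misconfiguration described in the technical summary and of the manual fix recommended above (example code written for this page, not part of the advisory or of Netgear's firmware): a small POSIX shell audit that reads a bftpd.conf, extracts USERLIMIT_GLOBAL from the global block and flags the value 0 (or a missing setting) as "unlimited", run against a weak and a hardened copy. The `global { OPTION="value" }` layout follows the upstream bftpd.conf syntax; the file contents and the cap of 10 are constructed sample values.

```shell
#!/bin/sh
# Audit helper for the bftpd USERLIMIT_GLOBAL setting (added example).
# Assumes the upstream bftpd.conf layout: a "global { ... }" block holding
# OPTION="value" lines. Sample configs below are constructed, not vendor files.

# Print the USERLIMIT_GLOBAL value found inside the global block, or "unset".
bftpd_userlimit_global() {
    conf="$1"
    val=$(sed -n '/^[[:space:]]*global[[:space:]]*{/,/^[[:space:]]*}/p' "$conf" \
          | sed -n 's/^[[:space:]]*USERLIMIT_GLOBAL[[:space:]]*=[[:space:]]*"\{0,1\}\([0-9]*\)"\{0,1\}.*/\1/p' \
          | tail -n 1)
    [ -n "$val" ] && echo "$val" || echo "unset"
}

# Exit 0 when a positive cap is configured; exit 1 when it is 0 or absent,
# since bftpd treats 0 as "no limit" on concurrent sessions (the CVE condition).
check_bftpd_userlimit() {
    val=$(bftpd_userlimit_global "$1")
    case "$val" in
        unset|0) echo "WEAK: USERLIMIT_GLOBAL is $val (no cap on concurrent FTP sessions)"; return 1 ;;
        *)       echo "OK: USERLIMIT_GLOBAL=$val"; return 0 ;;
    esac
}

# Constructed sample: the shipped (weak) setting the advisory describes.
weak=$(mktemp)
cat > "$weak" <<'EOF'
global {
  PORT="21"
  USERLIMIT_GLOBAL="0"
  USERLIMIT_SINGLEUSER="0"
}
EOF

# Constructed sample: a hardened copy with a cap sized for a small office.
fixed=$(mktemp)
cat > "$fixed" <<'EOF'
global {
  PORT="21"
  USERLIMIT_GLOBAL="10"
  USERLIMIT_SINGLEUSER="2"
}
EOF

check_bftpd_userlimit "$weak" || echo "-> remediation required"
check_bftpd_userlimit "$fixed"
```

Point the check at the device's real bftpd.conf (for example, over SSH or from a firmware extract) to confirm whether the cap is set before and after editing.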
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 687e5d5aa83201eaac112432
Added to database: 7/21/2025, 3:31:38 PM
Last enriched: 8/8/2025, 12:40:07 AM
Last updated: 8/18/2025, 1:22:21 AM