CVE-2025-44650 is a high-severity vulnerability affecting specific firmware versions of Netgear devices, notably the R7000 version 1.3.1.64_10.1.36 and the EAX80 version 1.0.1.70_1.0.2. The vulnerability arises from the configuration of the bftpd (a FTP server daemon) service on these devices, where the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf file. This setting effectively removes any limit on the number of concurrent user connections to the FTP service. As a result, an attacker can initiate a Denial of Service (DoS) attack by opening an unlimited number of FTP connections, exhausting system resources such as memory, CPU, or network sockets, and causing the device to become unresponsive or crash. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that it allows resource exhaustion through improper configuration. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction needed (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N, I:N), but a high impact on availability (A:H). There are no known exploits in the wild at the time of publication, and no patches have been linked yet. This vulnerability is particularly concerning because it can be exploited remotely without authentication or user interaction, making it accessible to a wide range of attackers. The affected devices are commonly used as home or small office routers and Wi-Fi extenders, which often have FTP services enabled for file sharing or firmware updates. The lack of a user connection limit in the FTP daemon configuration is a critical oversight that can be leveraged to disrupt network connectivity and device availability.

For European organizations, especially small and medium-sized enterprises (SMEs) and home office users relying on Netgear R7000 routers or EAX80 extenders, this vulnerability poses a significant risk to network availability. A successful DoS attack could lead to prolonged network outages, disrupting business operations, remote work, and access to critical resources. The impact is amplified in environments where these devices serve as the primary gateway to the internet or internal networks. Additionally, service providers or managed security service providers (MSSPs) using these devices in customer premises equipment (CPE) could face reputational damage and increased support costs. While the vulnerability does not compromise confidentiality or integrity, the loss of availability can indirectly affect business continuity and compliance with regulations such as GDPR if services are interrupted. The ease of exploitation without authentication means attackers can launch attacks from anywhere on the internet, increasing the threat surface. Given the widespread use of Netgear devices in Europe, the potential for large-scale disruption exists if attackers automate exploitation attempts.

To mitigate this vulnerability, European organizations should first identify if they are using the affected Netgear R7000 or EAX80 firmware versions. Immediate steps include disabling the FTP service on these devices if it is not essential, as this removes the attack vector entirely. If FTP functionality is required, administrators should manually edit the bftpd.conf configuration file to set a reasonable USERLIMIT_GLOBAL value, limiting the maximum number of concurrent FTP connections to a safe threshold based on expected usage and device capacity. Network-level controls such as rate limiting and connection throttling on the FTP port (usually port 21) can help mitigate excessive connection attempts. Deploying intrusion detection/prevention systems (IDS/IPS) to monitor for abnormal FTP connection patterns can provide early warning of exploitation attempts. Organizations should also monitor vendor communications for firmware updates or patches addressing this vulnerability and apply them promptly once available. As a longer-term measure, consider replacing affected devices with models that have robust security configurations and regularly updated firmware. Network segmentation can limit the impact of a compromised or DoS-affected device by isolating it from critical infrastructure. Finally, educating users about the risks of enabling unnecessary services on network devices can reduce exposure.