
CVE-2025-44650: n/a

Severity: High
Tags: Vulnerability, CVE-2025-44650, cve, cve-2025-44650
Published: Mon Jul 21 2025 (07/21/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are connected.

AI-Powered Analysis

AI analysis last updated: 08/08/2025, 00:40:07 UTC

Technical Analysis

CVE-2025-44650 is a high-severity vulnerability affecting specific firmware versions of Netgear devices, notably the R7000 version 1.3.1.64_10.1.36 and the EAX80 version 1.0.1.70_1.0.2. The vulnerability arises from the configuration of the bftpd service (an FTP server daemon) on these devices, where the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf file. This setting effectively removes any limit on the number of concurrent user connections to the FTP service. As a result, an attacker can initiate a Denial of Service (DoS) attack by opening an unlimited number of FTP connections, exhausting system resources such as memory, CPU, or network sockets, and causing the device to become unresponsive or crash.

The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that it allows resource exhaustion through improper configuration. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction needed (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N, I:N), but a high impact on availability (A:H). There are no known exploits in the wild at the time of publication, and no patches have been linked yet.

This vulnerability is particularly concerning because it can be exploited remotely without authentication or user interaction, making it accessible to a wide range of attackers. The affected devices are commonly used as home or small office routers and Wi-Fi extenders, which often have FTP services enabled for file sharing or firmware updates. The lack of a user connection limit in the FTP daemon configuration is a critical oversight that can be leveraged to disrupt network connectivity and device availability.

Potential Impact

For European organizations, especially small and medium-sized enterprises (SMEs) and home office users relying on Netgear R7000 routers or EAX80 extenders, this vulnerability poses a significant risk to network availability. A successful DoS attack could lead to prolonged network outages, disrupting business operations, remote work, and access to critical resources. The impact is amplified in environments where these devices serve as the primary gateway to the internet or internal networks. Additionally, service providers or managed security service providers (MSSPs) using these devices in customer premises equipment (CPE) could face reputational damage and increased support costs. While the vulnerability does not compromise confidentiality or integrity, the loss of availability can indirectly affect business continuity and compliance with regulations such as GDPR if services are interrupted. The ease of exploitation without authentication means attackers can launch attacks from anywhere on the internet, increasing the threat surface. Given the widespread use of Netgear devices in Europe, the potential for large-scale disruption exists if attackers automate exploitation attempts.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first identify whether they are running the affected Netgear R7000 or EAX80 firmware versions. Immediate steps include disabling the FTP service on these devices if it is not essential, as this removes the attack vector entirely. If FTP functionality is required, administrators should manually edit the bftpd.conf configuration file to set a reasonable USERLIMIT_GLOBAL value, limiting the maximum number of concurrent FTP connections to a safe threshold based on expected usage and device capacity.

Network-level controls such as rate limiting and connection throttling on the FTP port (usually port 21) can help mitigate excessive connection attempts. Deploying intrusion detection/prevention systems (IDS/IPS) to monitor for abnormal FTP connection patterns can provide early warning of exploitation attempts. Organizations should also monitor vendor communications for firmware updates or patches addressing this vulnerability and apply them promptly once available.

As a longer-term measure, consider replacing affected devices with models that have robust security configurations and regularly updated firmware. Network segmentation can limit the impact of a compromised or DoS-affected device by isolating it from critical infrastructure. Finally, educating users about the risks of enabling unnecessary services on network devices can reduce exposure.
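As an added example (not code from the advisory, Netgear or the bftpd project), the following script audits a bftpd.conf for the USERLIMIT_GLOBAL setting described above and rewrites it to a positive cap. It assumes the bftpd.conf layout of a `global { KEY="value" }` block, uses a constructed sample configuration, and treats an absent option as 0 (unlimited); all three are assumptions, not facts from the advisory.

```python
import re

# Constructed sample in the bftpd.conf style (global { KEY="value" } blocks). The key name
# comes from the advisory; the block layout and quoting are assumptions about bftpd.conf.
WEAK_CONF = """\
global {
  PORT="21"
  USERLIMIT_GLOBAL="0"   # 0 = no cap on concurrent sessions: the advisory's setting
  USERLIMIT_SINGLEUSER="0"
}
user ftp {
  ANONYMOUS_USER="yes"
}
"""
_KV = re.compile(r'^([A-Z_]+)\s*=\s*"?([^"]*?)"?$')

def _walk(conf):
    """Yield (line index, inside global block, key, value); key/value are None for non-assignments."""
    depth, in_global = 0, False
    for idx, raw in enumerate(conf.splitlines()):
        line = raw.split("#", 1)[0].strip()      # drop comments and surrounding whitespace
        if line.endswith("{"):
            depth += 1
            in_global = depth == 1 and line.startswith("global")
        elif line == "}":
            depth, in_global = depth - 1, False
        m = _KV.match(line)
        yield idx, in_global, (m.group(1) if m else None), (m.group(2) if m else None)

def global_user_limit(conf):
    """Effective USERLIMIT_GLOBAL: 0 means no cap; absent/non-numeric reported as 0 (assumption)."""
    for _, in_global, key, val in _walk(conf):
        if in_global and key == "USERLIMIT_GLOBAL":
            return int(val) if val.isdigit() else 0
    return 0

def harden(conf, max_users=10):
    """Return conf with USERLIMIT_GLOBAL in the global block set to max_users (added if missing)."""
    if max_users <= 0:
        raise ValueError("max_users must be positive; 0 would reintroduce the unlimited setting")
    lines, fixed_line, patched = conf.splitlines(), f'  USERLIMIT_GLOBAL="{max_users}"', False
    for idx, in_global, key, _ in _walk(conf):
        if in_global and key == "USERLIMIT_GLOBAL":
            lines[idx], patched = fixed_line, True
    if not patched:                               # insert just before the global block's closing brace
        start = next(i for i, l in enumerate(lines) if l.strip().startswith("global"))
        end = next(i for i in range(start, len(lines)) if lines[i].strip() == "}")
        lines.insert(end, fixed_line)
    return "\n".join(lines) + "\n"
```

Run `global_user_limit(WEAK_CONF)` to confirm the unlimited setting and `harden(WEAK_CONF, 8)` to obtain the capped configuration; the chosen cap should follow the device-capacity sizing the section recommends.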


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 687e5d5aa83201eaac112432

Added to database: 7/21/2025, 3:31:38 PM

Last enriched: 8/8/2025, 12:40:07 AM

Last updated: 8/13/2025, 12:34:29 AM

Views: 8
