
CVE-2025-44652: n/a

High
Published: Mon Jul 21 2025 (07/21/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected.

AI-Powered Analysis

Last updated: 07/21/2025, 17:46:30 UTC

Technical Analysis

CVE-2025-44652 is a vulnerability identified in the Netgear RAX30 router firmware version V1.0.10.94_3. The issue stems from the USERLIMIT_GLOBAL configuration option within multiple bftpd-related configuration files being set to 0. The bftpd service is a background FTP daemon used for file transfer operations. Setting USERLIMIT_GLOBAL to 0 effectively removes any limit on the number of concurrent users that can connect to the FTP service. This misconfiguration can lead to a denial-of-service (DoS) condition, as an attacker or multiple users can open an unlimited number of FTP connections, exhausting system resources such as memory, CPU, or network sockets. The exhaustion of these resources can cause the router to become unresponsive or crash, disrupting network availability for legitimate users. The vulnerability does not require authentication or user interaction, as it exploits the configuration of the FTP daemon itself. There are no known exploits in the wild at the time of publication, and no patches or fixes have been linked yet. The absence of a CVSS score indicates that the vulnerability is newly published and not yet fully assessed. However, the technical details suggest a resource exhaustion attack vector that can impact availability severely. The vulnerability specifically affects the Netgear RAX30 router model with the specified firmware version, which is a consumer-grade Wi-Fi 6 router commonly used in home and small office environments.

Potential Impact

For European organizations, the impact of this vulnerability can vary depending on the deployment of the affected Netgear RAX30 routers. Small and medium-sized enterprises (SMEs) or home office setups using this router model for their network infrastructure could experience significant disruptions if an attacker exploits this vulnerability. A successful DoS attack could lead to loss of internet connectivity, interruption of business operations, and potential cascading effects on connected devices and services. Critical business functions relying on continuous network availability, such as VoIP, cloud services, or remote work access, could be adversely affected. Additionally, if the router is used as a gateway device in a segmented network, the DoS could isolate entire segments, impacting broader organizational operations. Although the vulnerability does not directly compromise confidentiality or integrity, the availability impact alone can cause operational and financial damage. The lack of known exploits reduces immediate risk, but the ease of exploitation due to no authentication requirements means attackers with network access could trigger the DoS condition. European organizations with remote or distributed workforces relying on consumer-grade networking equipment should be particularly vigilant.

Mitigation Recommendations

To mitigate this vulnerability, affected organizations should first identify if they are using the Netgear RAX30 router with firmware version V1.0.10.94_3. Since no official patches are currently available, interim mitigations include disabling or restricting the bftpd service if it is not required for operational purposes. Network administrators should consider implementing firewall rules to limit FTP traffic to trusted sources or disable FTP access entirely if not needed. Monitoring network traffic for unusual numbers of FTP connections can help detect attempted exploitation. Additionally, segmenting the network to isolate vulnerable devices and applying rate limiting on connection attempts can reduce the risk of resource exhaustion. Organizations should also engage with Netgear support channels to obtain firmware updates or advisories addressing this vulnerability. As a longer-term measure, replacing consumer-grade routers with enterprise-grade devices that offer better security controls and monitoring capabilities is advisable. Regularly reviewing device configurations to avoid insecure defaults like unlimited user connections is critical. Finally, educating users and IT staff about the risks of exposed FTP services and enforcing strong network access controls will help reduce attack surfaces.
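The configuration review recommended above can be automated against an unpacked firmware root filesystem. The following is an added example, not code from this page, Netgear, or the bftpd project. It assumes bftpd's NAME="value" option syntax and a hypothetical file-name pattern (the advisory does not name the affected files), and it runs on constructed sample configs.

```python
import re
import tempfile
from pathlib import Path

# bftpd options are written NAME="value"; quotes are treated as optional here.
LIMIT_RE = re.compile(r'^\s*USERLIMIT_GLOBAL\s*=\s*"?([^"\s#]*)"?')

def audit_text(text):
    """Return (line_no, value, ok) for each active USERLIMIT_GLOBAL line.

    ok is False for 0 (unlimited, the CVE-2025-44652 setting) and for any
    value that is not a positive integer. Commented-out lines never match.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = LIMIT_RE.match(line)
        if match:
            value = match.group(1)
            findings.append((line_no, value, value.isdecimal() and int(value) > 0))
    return findings

def audit_tree(root, pattern="*bftpd*"):
    """Audit every file under root whose name matches pattern.

    The pattern is an assumption: the advisory does not list file names.
    """
    root = Path(root)
    return {
        path.relative_to(root).as_posix(): audit_text(path.read_text(errors="replace"))
        for path in sorted(root.rglob(pattern)) if path.is_file()
    }

# Constructed sample configs, not taken from the RAX30 firmware image.
SAMPLE_UNLIMITED = 'global{\n  PORT="21"\n  #USERLIMIT_GLOBAL="5"\n  USERLIMIT_GLOBAL="0"\n}\n'
SAMPLE_LIMITED = 'global{\n  PORT="21"\n  USERLIMIT_GLOBAL="10"\n}\n'

def demo():
    """Build a throwaway tree holding both samples and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp, "etc")
        etc.mkdir()
        (etc / "bftpd.conf").write_text(SAMPLE_UNLIMITED)
        (etc / "bftpd_limited.conf").write_text(SAMPLE_LIMITED)
        return audit_tree(tmp)

if __name__ == "__main__":
    for name, findings in demo().items():
        for line_no, value, ok in findings:
            verdict = "ok" if ok else "UNLIMITED OR INVALID"
            print(f"{name}:{line_no}: USERLIMIT_GLOBAL={value!r} -> {verdict}")
```

A file that matches the pattern but returns no findings does not set the option at all, so the effective limit then depends on the daemon's built-in default and should be checked separately.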


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 687e795da83201eaac11f321

Added to database: 7/21/2025, 5:31:09 PM

Last enriched: 7/21/2025, 5:46:30 PM

Last updated: 7/21/2025, 5:46:30 PM
