CVE-2025-44652: n/a
In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected.
AI Analysis
Technical Summary
CVE-2025-44652 is a high-severity vulnerability affecting the Netgear RAX30 router firmware version 1.0.10.94_3. The root cause lies in the configuration of the bftpd service (an FTP daemon), specifically the USERLIMIT_GLOBAL option being set to 0 in multiple configuration files. This setting effectively removes any limit on the number of concurrent users that can connect to the FTP service. As a result, an attacker can initiate a Denial of Service (DoS) attack by opening a large number of simultaneous FTP connections, exhausting system resources and causing the device to become unresponsive or crash.
The vulnerability is categorized under CWE-770, which relates to allocation of resources without limits or throttling, leading to resource exhaustion. The CVSS v3.1 base score is 7.5 (high), with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no impact on confidentiality or integrity (C:N/I:N), but high impact on availability (A:H). There are no known exploits in the wild yet, and no patches have been linked at the time of publication.
The vulnerability affects the FTP daemon configuration in the Netgear RAX30 router, which is a consumer-grade Wi-Fi 6 router commonly used in home and small office environments. Exploitation requires only network access to the FTP service, which may be exposed on the local network or potentially remotely if port forwarding or remote management is enabled. Because no user interaction or privileges are required, the vulnerability is relatively easy to exploit in environments where the FTP service is accessible. The main consequence is a denial of service, which can disrupt network connectivity and availability of the router, impacting all devices relying on it for internet access and local networking.
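The root cause described above can be checked on an unpacked firmware image. The following is an added example, not code from the advisory or from Netgear: it walks a directory tree and reports every USERLIMIT_GLOBAL setting that imposes no cap. The file-name match on "bftpd" and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# bftpd options are written as NAME="value"; lines starting with '#' are comments.
OPTION_RE = re.compile(r'^\s*USERLIMIT_GLOBAL\s*=\s*"?([^"\s]*)"?')

def audit_text(text):
    """Return [(line_no, raw_value)] for USERLIMIT_GLOBAL settings that impose no cap."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # a commented-out setting has no effect
        m = OPTION_RE.match(line)
        if not m:
            continue
        raw = m.group(1)
        # 0 is the value the advisory flags; empty or non-numeric values are
        # reported too, since they cannot act as a cap either.
        if not raw.isdigit() or int(raw) == 0:
            findings.append((line_no, raw))
    return findings

def audit_tree(root):
    """Audit every file under root whose name contains 'bftpd' (assumed naming)."""
    report = {}
    for path in sorted(Path(root).rglob("*bftpd*")):
        if path.is_file():
            hits = audit_text(path.read_text(errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

# Constructed sample files standing in for an unpacked firmware image.
SAMPLE_FILES = {
    "etc/bftpd.conf": 'global{\n  PORT="21"\n  USERLIMIT_GLOBAL="0"\n}\n',
    "usr/etc/bftpd_lan.conf": 'global{\n  #USERLIMIT_GLOBAL="0"\n  USERLIMIT_GLOBAL="8"\n}\n',
    "etc/other.conf": 'USERLIMIT_GLOBAL="0"\n',  # not bftpd-related, so not scanned
}

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_FILES.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit_tree(root)

if __name__ == "__main__":
    print(run_demo())
```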
Potential Impact
For European organizations, especially small businesses and home offices using the Netgear RAX30 router, this vulnerability poses a significant risk to network availability. A successful DoS attack could disrupt business operations by cutting off internet access and internal network communications. This is particularly critical for remote workers and small enterprises that rely on stable connectivity. While the vulnerability does not compromise confidentiality or integrity, the loss of availability can lead to operational downtime, productivity loss, and potential financial impact. Additionally, if the FTP service is exposed to the internet due to misconfiguration, attackers from anywhere could exploit this vulnerability remotely, increasing the attack surface. European organizations with limited IT support may face challenges in detecting and mitigating such attacks promptly. The impact is exacerbated in sectors where continuous connectivity is essential, such as healthcare, finance, and critical infrastructure management within Europe.
Mitigation Recommendations
1. Immediate mitigation involves disabling the FTP service on the Netgear RAX30 router if it is not required, as this removes the attack vector entirely.
2. If FTP service is necessary, network administrators should restrict access to the FTP port (usually port 21) by implementing firewall rules that limit connections to trusted IP addresses or internal networks only.
3. Monitor the number of concurrent FTP connections and set manual limits if possible through router configuration or external network management tools to prevent resource exhaustion.
4. Regularly check for firmware updates from Netgear and apply patches as soon as they become available to address this vulnerability.
5. For organizations using remote management features, ensure that remote FTP access is disabled or secured with strong authentication and access controls.
6. Employ network intrusion detection systems (NIDS) to detect unusual spikes in FTP connections that may indicate exploitation attempts.
7. Educate users and IT staff about the risks of exposing FTP services and encourage best practices for router configuration and network segmentation to isolate critical systems from vulnerable devices.
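Items 3 and 6 above call for tracking concurrent FTP connections and flagging spikes. The following is an added example, not part of the original advisory: it replays connection events and raises an alert the moment a global or per-source cap is first exceeded. The log format, thresholds and sample lines are hypothetical and constructed for illustration.

```python
import re
from collections import Counter

# Assumed (hypothetical) log format: "<timestamp> OPEN|CLOSE <src>:<sport> -> <dst>:21"
LINE_RE = re.compile(r"^(\S+) (OPEN|CLOSE) (\S+):(\d+) -> \S+:21$")

def find_spikes(lines, max_total=5, max_per_source=3):
    """Replay open/close events and return alerts raised when a cap is first exceeded."""
    open_sessions = set()      # (src, sport) pairs currently connected
    per_source = Counter()     # concurrent sessions per source address
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue           # not an FTP control-port event
        ts, event, src, sport = m.groups()
        key = (src, sport)
        if event == "OPEN" and key not in open_sessions:
            open_sessions.add(key)
            per_source[src] += 1
            # Edge-triggered: alert once, at the moment the cap is crossed.
            if per_source[src] == max_per_source + 1:
                alerts.append((ts, "per-source", src, per_source[src]))
            if len(open_sessions) == max_total + 1:
                alerts.append((ts, "global", "*", len(open_sessions)))
        elif event == "CLOSE" and key in open_sessions:
            open_sessions.remove(key)
            per_source[src] -= 1
    return alerts

# Constructed sample events (documentation address ranges).
SAMPLE_LOG = """\
2025-01-01T10:00:00Z OPEN 192.168.1.20:40001 -> 192.168.1.1:21
2025-01-01T10:00:01Z OPEN 203.0.113.7:50001 -> 192.168.1.1:21
2025-01-01T10:00:01Z OPEN 203.0.113.7:50002 -> 192.168.1.1:21
2025-01-01T10:00:02Z CLOSE 192.168.1.20:40001 -> 192.168.1.1:21
2025-01-01T10:00:02Z OPEN 203.0.113.7:50003 -> 192.168.1.1:21
2025-01-01T10:00:03Z OPEN 203.0.113.7:50004 -> 192.168.1.1:21
2025-01-01T10:00:03Z OPEN 203.0.113.7:50005 -> 192.168.1.1:21
2025-01-01T10:00:04Z OPEN 203.0.113.7:50006 -> 192.168.1.1:21
"""

if __name__ == "__main__":
    for alert in find_spikes(SAMPLE_LOG.splitlines()):
        print(alert)
```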
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 687e795da83201eaac11f321
Added to database: 7/21/2025, 5:31:09 PM
Last enriched: 8/8/2025, 12:38:30 AM
Last updated: 8/20/2025, 11:32:15 AM