CVE-2026-24804 is a critical security vulnerability identified in the coolsnowwolf LEDE open-source router firmware, specifically within the mt7603e Wi-Fi driver module located in the bn_lib.C source files. The flaw is classified as CWE-835, which corresponds to a loop with an unreachable exit condition, effectively creating an infinite loop scenario. This infinite loop can cause the affected device to become unresponsive or crash, resulting in a denial-of-service (DoS) condition. The vulnerability affects all versions of LEDE up to r25.10.1 and does not require any authentication or user interaction to exploit, making it remotely exploitable over the network. The CVSS 4.0 base score of 9.2 indicates a critical severity level, with the vector showing network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on availability (A:H). The vulnerability does not impact confidentiality or integrity but severely impacts availability by causing the firmware to enter an infinite loop. No patches or exploits are currently publicly available, but the vulnerability is officially published and should be addressed promptly. The mt7603e chipset is commonly used in various consumer and enterprise-grade wireless routers, making the scope of affected devices potentially broad. The infinite loop could be triggered by crafted network packets or malformed Wi-Fi frames targeting the vulnerable driver code, leading to service disruption or device reboot loops.

For European organizations, this vulnerability poses a significant risk to network availability, especially for those relying on routers or access points running the coolsnowwolf LEDE firmware with the mt7603e Wi-Fi chipset. Critical infrastructure, small and medium enterprises, and ISPs using affected devices could experience network outages or degraded service, impacting business continuity and operational efficiency. The lack of authentication and user interaction requirements means attackers can remotely trigger the infinite loop, potentially launching widespread denial-of-service attacks. This could disrupt internal communications, internet access, and connected services. Additionally, organizations in sectors such as finance, healthcare, and government may face increased risk due to reliance on stable network infrastructure. The vulnerability could also be leveraged as part of a larger attack chain to create diversion or facilitate lateral movement by causing network instability. Given the high severity and ease of exploitation, timely mitigation is critical to prevent operational disruptions and potential reputational damage.

1. Monitor vendor announcements and coolsnowwolf project repositories closely for official patches addressing CVE-2026-24804 and apply updates immediately upon release. 2. Until patches are available, consider disabling or restricting the use of the mt7603e Wi-Fi driver if feasible, or replace affected hardware with devices running alternative firmware or updated drivers. 3. Implement network segmentation to isolate vulnerable devices from critical systems and reduce attack surface exposure. 4. Employ intrusion detection systems (IDS) and network monitoring to detect anomalous traffic patterns that may indicate attempts to exploit the infinite loop vulnerability. 5. Limit external network exposure of affected devices by enforcing strict firewall rules and access controls. 6. Engage with device vendors or community maintainers to request expedited fixes or workarounds. 7. Conduct internal audits to inventory all devices running coolsnowwolf LEDE firmware and assess exposure. 8. Prepare incident response plans to quickly address potential denial-of-service incidents stemming from this vulnerability. 9. Educate network administrators about the vulnerability and signs of exploitation to enable rapid detection and response.