Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause remote code execution due to memory overflow vulnerabilities in Azure RTOS NETX Duo. The affected components include processes/functions related to snmp, smtp, ftp and dtls in RTOS v6.2.1 and below. The fixes have been included in NetX Duo release 6.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
The vulnerability results from memory overflow errors (CWE-787 — out-of-bounds write) and use-after-free pointer references (CWE-825) in the TCP/IP stack implementation. These errors occur in components handling SNMP, SMTP, FTP, and DTLS protocols. An attacker can send specially crafted network packets without authentication, leading to memory corruption and the ability to take control of the device.
A remote attacker, without authentication, can execute arbitrary code on a vulnerable device, resulting in complete system compromise and potential loss of confidentiality, integrity, and availability of data.
Azure RTOS NetX Duo should be updated to version 6.3.0 or later, which includes security fixes. The manufacturer does not provide any workarounds for this vulnerability.
Azure RTOS NetX Duo version 6.2.1 and earlier — affecting SNMP, SMTP, FTP, and DTLS components.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Azure Rtos Netx Duo
OSMicrosoft< 6.3.0
Related vulnerabilities
RCE przez przepełnienie pamięci w Azure RTOS NetX Duo (IoT/RTOS)
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT appl...
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT appl...
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
RCE przez deserializację niezaufanych danych w Microsoft SharePoint Server