CVE-2025-44652

Published: Jul 21, 2025Modified: Jan 2, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected.

Affected (1)

Products: Netgear: Rax30 Firmware

Netgear

1 product

Rax30 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netgear Rax30 Firmware	Version 1.0.10.94_3

Running on/with	Platform Versions
Netgear Rax30	All versions

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (3)

https://gist.github.com/TPCchecker/cb4549b7689727efeb24de0802c0fde3

Source: cve@mitre.org

Broken Link

https://www.netgear.com/about/security/

Source: cve@mitre.org

Vendor Advisory

https://www.notion.so/CVE-2025-44652-24754a1113e78003909afbd6f7fd707b

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.