NetX Duo SNMP Addon Out-of-Bounds Read Vulnerability in Eclipse ThreadX

Vulnerability

An out-of-bounds read vulnerability has been identified in the SNMP addon of NetX Duo, the TCP/IP stack of Eclipse ThreadX, affecting versions through 6.4.3. When an SNMPv3 message is processed, the security parameters carried in its header are parsed without checking their declared lengths against the length of the buffer that was actually received, so an attacker can craft a request whose length fields claim more data than the packet contains. The flaw is in the `_nx_snmp_version_3_process` function in `nxd_snmp.c`, which accesses the security parameters without first validating that the buffer is long enough to hold them; when the buffer is shorter than the parser expects, it reads memory beyond the end of the allocated buffer.
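To make the faulty pattern concrete, here is an added example (written for this page, not NetX Duo's own code) that walks the SNMPv3 USM security-parameters header twice: once with a TLV reader that trusts the tag and length octets, which is the pattern described above, and once with a reader that checks every access against the bytes actually received. The field layout follows the USM header (engine ID, boots, time, user name, authentication and privacy parameters); the function and type names, the 49-byte sample header and the `checked` switch are all inventions of the example, and only short-form BER lengths are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not NetX Duo code. Walks an SNMPv3 USM header:
 * msgSecurityParameters ::= OCTET STRING wrapping SEQUENCE { engineID, boots,
 * time, userName, authParams, privParams }. Short-form BER lengths only. */

typedef struct {
    const uint8_t *buf;
    size_t len, pos;   /* len: bytes the caller says are valid; pos: current offset */
} cursor_t;
typedef int (*hdr_fn)(cursor_t *c, uint8_t *tag, size_t *vlen);

/* Vulnerable pattern: trusts the tag and length octets and never consults len. */
static int hdr_unchecked(cursor_t *c, uint8_t *tag, size_t *vlen)
{
    *tag  = c->buf[c->pos];
    *vlen = c->buf[c->pos + 1];
    c->pos += 2;
    return 0;
}

/* Hardened pattern: every access is preceded by a remaining-length check. */
static int hdr_checked(cursor_t *c, uint8_t *tag, size_t *vlen)
{
    if (c->len - c->pos < 2) return -1;            /* need tag and length octets */
    *tag = c->buf[c->pos];
    if (c->buf[c->pos + 1] & 0x80) return -1;      /* long-form length: reject */
    *vlen = c->buf[c->pos + 1];
    if (*vlen > c->len - c->pos - 2) return -1;    /* value would overrun buf */
    c->pos += 2;
    return 0;
}

enum { USM_ENGINE_ID, USM_BOOTS, USM_TIME, USM_USER, USM_AUTH, USM_PRIV, USM_NFIELDS };
typedef struct {
    const uint8_t *field[USM_NFIELDS];
    size_t flen[USM_NFIELDS], end;   /* end > len means the walker overran */
} usm_params_t;

/* Returns 0 on success, -1 on a malformed or truncated header. out->end is
 * always set so the caller can see how far past len the walker went. */
static int usm_parse(const uint8_t *pkt, size_t len, int checked, usm_params_t *out)
{
    static const uint8_t expect[USM_NFIELDS] = { 0x04, 0x02, 0x02, 0x04, 0x04, 0x04 };
    hdr_fn hdr = checked ? hdr_checked : hdr_unchecked;
    cursor_t c = { pkt, len, 0 };
    uint8_t tag; size_t vlen; int rc = -1;
    memset(out, 0, sizeof *out);
    /* Outer OCTET STRING, then the SEQUENCE it wraps; narrow len to each body. */
    if (hdr(&c, &tag, &vlen) || tag != 0x04) goto done;
    c.len = c.pos + vlen;
    if (hdr(&c, &tag, &vlen) || tag != 0x30) goto done;
    c.len = c.pos + vlen;
    for (int i = 0; i < USM_NFIELDS; i++) {
        if (hdr(&c, &tag, &vlen) || tag != expect[i]) goto done;
        out->field[i] = c.buf + c.pos;
        out->flen[i] = vlen;
        c.pos += vlen;
    }
    rc = 0;
done:
    out->end = c.pos;
    return rc;
}

/* Decodes a non-negative BER INTEGER of up to four octets (boots and time). */
static uint32_t ber_uint32(const uint8_t *v, size_t n)
{
    uint32_t x = 0;
    if (n > 4) return 0;
    for (size_t i = 0; i < n; i++) x = (x << 8) | v[i];
    return x;
}

/* Constructed sample (49 bytes): engine ID 80:00:1f:88:01, boots 1, time 258,
 * user "admin", 12 auth-parameter bytes, 8 priv-parameter bytes. */
static const uint8_t sample_usm[] = {
    0x04, 0x2f, 0x30, 0x2d,
    0x04, 0x05, 0x80, 0x00, 0x1f, 0x88, 0x01,
    0x02, 0x01, 0x01,
    0x02, 0x02, 0x01, 0x02,
    0x04, 0x05, 'a', 'd', 'm', 'i', 'n',
    0x04, 0x0c, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
    0x04, 0x08, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
};

int main(void)
{
    usm_params_t p;
    /* Claim 10 bytes arrived; the array really holds 49, so the overrun is measurable safely. */
    int rc = usm_parse(sample_usm, 10, 1, &p);
    printf("checked:   rc=%d end=%zu\n", rc, p.end);   /* rc=-1 end=0  */
    rc = usm_parse(sample_usm, 10, 0, &p);
    printf("unchecked: rc=%d end=%zu\n", rc, p.end);   /* rc=0  end=49 */
    return 0;
}
```

Run with only 10 of the 49 bytes declared valid, the hardened reader refuses at the first length check and never advances, while the unchecked reader parses all six fields and reports an end offset of 49, that is, 39 bytes past what it was told existed. In a real agent those bytes are whatever sits after the packet buffer, which is the out-of-bounds read the advisory describes; the checked reader is the shape of fix a reviewer would look for in a function like `_nx_snmp_version_3_process`.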

Impact

Exploitation of this vulnerability could cause system crashes, instability, or memory corruption. Because the USM security parameters have to be parsed before an SNMPv3 message can be authenticated, no valid credentials are needed to reach the flawed code; any sender able to deliver an SNMPv3 packet to the agent's port can trigger it.

Remediation

Upgrade to NetX Duo version 6.4.4 or later, in which this issue is fixed. Until the upgrade is deployed, restrict which hosts can reach the device's SNMP port (UDP 161 by default) and disable the SNMP agent where it is not needed.

Added: Oct 17, 2025, 6:20 AM
Updated: Oct 17, 2025, 6:20 AM

Vulnerability Rating

Custom Algorithm

spread: 9.8
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.