CVE-2026-7422
Insufficient Packet Validation in FreeRTOS-Plus-TCP
Publication date: 2026-04-29
Last updated on: 2026-05-04
Assigner: AMZN
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| amazon | freertos-plus-tcp | From 4.0.0 (inc) to 4.2.6 (exc) |
| amazon | freertos-plus-tcp | From 4.3.0 (inc) to 4.4.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | Authentication Bypass by Spoofing: this attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an adjacent network actor to bypass checksum and minimum-size validation by spoofing the Ethernet source MAC address, potentially enabling malformed packets to evade security checks.
This could impact data integrity due to the ability to send malformed packets that are not properly validated.
However, there is no direct effect on confidentiality or availability according to the CVSS assessment.
Given the impact on data integrity, organizations subject to standards like GDPR or HIPAA, which require protection of data integrity and security, may need to address this vulnerability to maintain compliance.
Mitigation involves upgrading to fixed versions of FreeRTOS-Plus-TCP, which is necessary to reduce risk and support compliance efforts.
Can you explain this vulnerability to me?
CVE-2026-7422 is a vulnerability in FreeRTOS-Plus-TCP versions before V4.2.6 and V4.4.1 where the packet validation process is insufficient. Specifically, the system's loopback detection mechanism skips checksum and minimum-size validation for packets if the Ethernet source MAC address matches one of the device's own registered endpoints.
An attacker on the same network segment can exploit this by spoofing a registered MAC address, allowing them to send malformed packets that bypass security checks. This means the attacker can send packets that are not properly validated, potentially leading to unexpected behavior in the network stack.
How can this vulnerability impact me?
This vulnerability allows an adjacent network actor to bypass checksum and minimum-size validation by spoofing a MAC address, which can lead to the acceptance of malformed packets by the device.
The impact is primarily on data integrity, as malformed packets could cause incorrect processing or behavior within the TCP/IP stack. However, there is no direct impact on confidentiality or availability.
The attack requires the attacker to be on the same network segment but does not require special privileges or user interaction.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an adjacent network actor spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, bypassing checksum and minimum-size validation. Detection would involve monitoring network traffic for packets with source MAC addresses that match local endpoints but exhibit malformed or suspicious packet structures.
Specific commands or tools to detect this vulnerability are not provided in the available resources.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade FreeRTOS-Plus-TCP to version V4.2.6 or V4.4.1 or later, where the vulnerability has been fixed.
As a workaround, users can disable outgoing ping support by setting ipconfigSUPPORT_OUTGOING_PINGS to 0 in FreeRTOSIPConfig.h to reduce exposure to related vulnerabilities.
Can you explain this vulnerability to me?
This vulnerability is due to insufficient packet validation in FreeRTOS-Plus-TCP versions before V4.2.6 and V4.4.1. An attacker on an adjacent network can bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints. This happens because the loopback detection mechanism skips all input validation for packets whose source MAC address matches a local endpoint.
How can this vulnerability impact me?
The impact of this vulnerability is that an adjacent network actor can send malicious packets that bypass important validation checks, potentially leading to the processing of malformed or harmful network packets. This could result in network disruptions or exploitation of the device's TCP/IP stack.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this issue, users should upgrade to the fixed version of FreeRTOS-Plus-TCP when it becomes available.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves an adjacent network actor spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, bypassing checksum and minimum-size validation due to a loopback detection mechanism.
To detect this vulnerability on your network or system, you would need to monitor for suspicious packets where the source MAC address matches a local endpoint but the packet fails normal validation checks or appears malformed.
Since the vulnerability exploits spoofed MAC addresses that match local endpoints, network monitoring tools can be used to capture and analyze Ethernet frames for anomalies.
- Use packet capture tools like tcpdump or Wireshark to monitor Ethernet traffic on the affected device's network segment.
- Example tcpdump command to capture packets with source MAC addresses matching local endpoints (replace <interface> and <local_mac> with your interface and device MAC addresses): `tcpdump -i <interface> ether src <local_mac>`
- Analyze captured packets for checksum errors or minimum size violations that should normally be detected but might be bypassed due to the vulnerability.
However, no specific detection commands or signatures are provided in the available resources. The best mitigation is to upgrade to the fixed versions V4.2.6 or V4.4.1.
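An added illustration (constructed here; not FreeRTOS-Plus-TCP source and not a vendor-supplied detection tool) of the pattern the explanation answers describe and of the monitoring rule in the detection answer: a loopback shortcut that trusts the source MAC against validation that runs for every frame, and a rule that flags frames whose source MAC is a local endpoint yet which fail the minimum-size or IPv4 header checksum check. The MAC addresses, the 60-byte minimum and the frame layout are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define ETH_HDR_LEN   14
#define IPV4_HDR_LEN  20
#define MIN_FRAME_LEN 60   /* assumed minimum frame length without FCS */
/* Constructed MACs: one registered local endpoint and one ordinary peer. */
static const uint8_t LOCAL_MAC[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
static const uint8_t PEER_MAC[6]  = {0x02, 0x00, 0x00, 0x00, 0x00, 0x99};

/* RFC 1071 one's-complement checksum; folds to 0 over a header whose checksum field is correct. */
static uint16_t ipv4_header_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)((hdr[i] << 8) | hdr[i + 1]);
    if (len & 1) sum += (uint32_t)hdr[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hardened behaviour: size and checksum checks run for every frame regardless of source MAC (IPv4 only here). */
bool accept_frame_validated(const uint8_t *frame, size_t len) {
    if (len < MIN_FRAME_LEN) return false;
    if (frame[12] != 0x08 || frame[13] != 0x00) return true;
    return ipv4_header_checksum(frame + ETH_HDR_LEN, IPV4_HDR_LEN) == 0;
}

/* Vulnerable pattern (constructed, not FreeRTOS-Plus-TCP source): a local source MAC is classed as loopback and skips the checks. */
bool accept_frame_shortcut(const uint8_t *frame, size_t len) {
    if (len >= ETH_HDR_LEN && memcmp(frame + 6, LOCAL_MAC, 6) == 0) return true;
    return accept_frame_validated(frame, len);
}

/* Monitoring rule from the detection answer: local source MAC, yet the frame is malformed. */
bool is_suspicious_local_src(const uint8_t *frame, size_t len) {
    return accept_frame_shortcut(frame, len) && !accept_frame_validated(frame, len);
}

/* Constructed 60-byte IPv4 frame; optionally spoof the source MAC and corrupt the checksum. */
const uint8_t *sample_frame(bool spoof_src, bool bad_csum) {
    static uint8_t f[MIN_FRAME_LEN];
    memset(f, 0, sizeof f);
    memset(f, 0xFF, 6);                                 /* broadcast destination */
    memcpy(f + 6, spoof_src ? LOCAL_MAC : PEER_MAC, 6); /* source MAC under test */
    f[12] = 0x08; f[13] = 0x00;                         /* EtherType IPv4 */
    uint8_t *ip = f + ETH_HDR_LEN;
    ip[0] = 0x45; ip[3] = 46; ip[8] = 64; ip[9] = 1;    /* IHL 5, total length 46, TTL 64, ICMP */
    uint16_t c = ipv4_header_checksum(ip, IPV4_HDR_LEN);
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)c;
    if (bad_csum) ip[10] ^= 0x55;                       /* deliberately wrong checksum */
    return f;
}
```

A frame that `accept_frame_shortcut` admits but `accept_frame_validated` rejects is exactly the kind of capture the tcpdump filter above should be followed up on.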