Executive Summary

This vulnerability is caused by insufficient validation of the option length in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP versions before V4.2.6 and V4.4.1.

An attacker on an adjacent network can exploit this by sending a specially crafted Router Advertisement message that contains a truncated PREFIX_INFORMATION option smaller than the expected size.

This causes the device to crash, resulting in a denial of service.

Useful 0 Not Useful 0

Impact Analysis

The primary impact of this vulnerability is a denial of service condition.

An attacker on the same network can cause the affected device to crash by sending a malformed Router Advertisement message.

This can disrupt device availability and network operations.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this issue, users should upgrade to the fixed version of FreeRTOS-Plus-TCP when it becomes available.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability primarily causes a denial of service (device crash) by processing malformed IPv6 Router Advertisement packets, impacting availability but not confidentiality or integrity.

There is no direct information provided about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves malformed IPv6 Router Advertisement (RA) packets with truncated PREFIX_INFORMATION options. Detection involves monitoring for unusual or malformed RA packets on the local network.

Network administrators can use packet capture and analysis tools such as tcpdump or Wireshark to detect suspicious RA packets.

• Use tcpdump to capture IPv6 Router Advertisement packets: tcpdump -i <interface> icmp6 and ip6[40] == 134
• Analyze captured packets in Wireshark to inspect the Router Advertisement options, specifically looking for PREFIX_INFORMATION options that are smaller than expected.
• Set up network-level filtering or intrusion detection rules to alert on or block malformed RA packets with truncated options.

Since the vulnerability is triggered by crafted RA packets with insufficient length validation, detecting packets with truncated or malformed PREFIX_INFORMATION options is key.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-7425 is a vulnerability in FreeRTOS-Plus-TCP's IPv6 Router Advertisement (RA) parser. It occurs because the software does not properly validate the length of certain options in RA packets, specifically the PREFIX_INFORMATION option. This insufficient validation allows an attacker on the same local network to send a specially crafted RA packet with a truncated option that is smaller than expected, causing the device to crash due to out-of-bounds memory access.

The flaw affects versions before V4.2.6 and V4.4.1 and can lead to denial of service by crashing the device processing these malformed packets.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can cause a denial of service (DoS) condition by crashing devices running vulnerable versions of FreeRTOS-Plus-TCP when they receive maliciously crafted IPv6 Router Advertisement packets.

An attacker on the local network can exploit this without authentication or user interaction, potentially disrupting device availability and network operations.

There is no direct impact on confidentiality or integrity, but the availability impact is considered high.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, users should upgrade FreeRTOS-Plus-TCP to version V4.2.6 or V4.4.1 or later, where the issue has been fixed with additional input validation rejecting malformed Router Advertisement packets.

If immediate upgrading is not possible, network-level mitigations include implementing filtering to block untrusted or malformed IPv6 Router Advertisement packets and deploying devices on isolated network segments to prevent rogue RA packet injection.

Useful 0 Not Useful 0