CVE-2026-24803 Overview
CVE-2026-24803 is a Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability affecting the coolsnowwolf LEDE firmware distribution, specifically within the MT7615D WiFi driver security modules. The vulnerability exists in the bn_lib.C program file within the package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules.
This infinite loop vulnerability (CWE-835) can be triggered remotely over the network without requiring authentication or user interaction. When exploited, the vulnerability causes the affected device to enter a non-recoverable processing state, resulting in complete denial of service for both the device and potentially downstream network segments that depend on it.
Critical Impact
Network-accessible infinite loop vulnerability in WiFi driver security modules can cause complete device unavailability and downstream network disruption without authentication requirements.
Affected Products
- coolsnowwolf LEDE through version r25.10.1
- MT7615D WiFi driver security modules (mt_wifi/embedded/security)
- Devices utilizing the affected bn_lib.C implementation
Discovery Timeline
- 2026-01-27 - CVE-2026-24803 published to NVD
- 2026-01-27 - Last updated in NVD database
Technical Details for CVE-2026-24803
Vulnerability Analysis
The vulnerability resides in the bn_lib.C file, which handles big number (BN) cryptographic library operations within the WiFi driver's security stack. The infinite loop condition occurs when specific input conditions cause the loop termination logic to become unreachable, resulting in the processor being trapped in an endless execution cycle.
This type of vulnerability in WiFi driver security modules is particularly concerning because the affected code path handles network-sourced security operations. An attacker can craft malicious network packets that trigger the vulnerable code path, causing the device to become completely unresponsive.
The network attack vector combined with no authentication requirements means that any device running the vulnerable LEDE firmware version with the MT7615D driver is at risk from any attacker with network access to the device.
Root Cause
The root cause is a loop construct within bn_lib.C that contains an exit condition which cannot be satisfied under certain input scenarios. This is classified as CWE-835 (Loop with Unreachable Exit Condition). The big number library operations likely involve iterative calculations where boundary conditions or edge cases were not properly validated, allowing crafted input to create a state where the loop's termination condition is mathematically impossible to reach.
Attack Vector
The attack can be executed remotely over the network (AV:N) with low complexity (AC:L). The attacker requires no privileges or authentication (PR:N) and no user interaction is needed (UI:N). The vulnerability primarily impacts availability, causing high availability impact to both the vulnerable system (VA:H) and subsequent downstream systems (SA:H).
An attacker would target the WiFi driver's security processing by sending specially crafted wireless frames or network packets that are processed by the vulnerable bn_lib.C code. Once the infinite loop is triggered, the device becomes unresponsive and requires a hard reset to recover functionality.
Detection Methods for CVE-2026-24803
Indicators of Compromise
- Device becomes completely unresponsive with no network connectivity
- High CPU utilization on the WiFi driver process or kernel thread
- System logs may show security module processing initiated but never completing
- Network timeouts from devices dependent on the affected WiFi access point
Detection Strategies
- Monitor for abnormal CPU utilization patterns on embedded devices running LEDE firmware
- Implement network monitoring to detect sudden connectivity losses from LEDE-based access points
- Deploy watchdog timers to detect and alert on device unresponsiveness
- Review logs for unusual patterns in WiFi security handshake processing
Monitoring Recommendations
- Configure SNMP or similar monitoring for device availability and response times
- Implement automated alerting for network segment outages affecting LEDE devices
- Set up periodic connectivity health checks to affected access points
- Monitor for unusual wireless client connection patterns that may indicate exploitation attempts
How to Mitigate CVE-2026-24803
Immediate Actions Required
- Identify all devices running coolsnowwolf LEDE firmware version r25.10.1 or earlier
- Restrict network access to affected devices where possible using firewall rules
- Implement network segmentation to limit the blast radius of potential exploitation
- Plan for firmware updates once patches become available
Patch Information
A fix for this vulnerability is discussed in the GitHub Pull Request #13346 for the coolsnowwolf LEDE repository. Administrators should monitor this pull request for merge status and update their firmware builds accordingly once the fix is incorporated.
Users building LEDE from source should apply the patch from the pull request to their local builds. Those using pre-built firmware images should wait for updated releases that incorporate the security fix.
Workarounds
- Limit network exposure of affected devices by placing them behind firewalls with strict access controls
- Disable or restrict access to the WiFi security features if operationally feasible (may reduce security posture)
- Implement hardware watchdog timers to automatically reboot devices that become unresponsive
- Consider temporary migration to alternative firmware or hardware until patches are available
# Example: Restrict network access to LEDE device management interface
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
iptables -A INPUT -p tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
