CVE-2026-24804 Overview
CVE-2026-24804 is an Infinite Loop vulnerability (CWE-835) discovered in the coolsnowwolf LEDE firmware distribution, specifically affecting the MT7603E WiFi driver components. The vulnerability resides in the bn_lib.C program file within the package/lean/mt/drivers/mt7603e/src/mt7603_wifi/common modules. When exploited, this vulnerability can cause a loop with an unreachable exit condition, leading to system resource exhaustion and denial of service conditions.
Critical Impact
This vulnerability can be exploited remotely without authentication to cause complete denial of service on affected devices, potentially impacting network availability for downstream systems.
Affected Products
- coolsnowwolf LEDE through version r25.10.1
- MT7603E WiFi driver components (mt7603_wifi/common modules)
- Devices utilizing the affected LEDE firmware with MT7603E wireless chipsets
Discovery Timeline
- 2026-01-27 - CVE-2026-24804 published to NVD
- 2026-01-27 - Last updated in NVD database
Technical Details for CVE-2026-24804
Vulnerability Analysis
This vulnerability is classified as CWE-835: Loop with Unreachable Exit Condition, commonly known as an Infinite Loop vulnerability. The flaw exists in the bn_lib.C file within the MT7603E WiFi driver's common modules in the LEDE firmware distribution maintained by coolsnowwolf.
The vulnerable code path contains a loop construct where the exit condition cannot be satisfied under certain input conditions. When triggered, the affected process enters an infinite loop state, consuming CPU cycles indefinitely. Given the network-accessible attack vector, remote attackers can send specially crafted requests to trigger this condition without requiring any authentication or user interaction.
The impact is primarily availability-focused, as successful exploitation leads to resource exhaustion on the target device. For embedded devices and routers running the affected LEDE firmware, this could result in complete device unresponsiveness, requiring manual intervention or power cycling to restore normal operation.
Root Cause
The root cause lies in improper loop termination logic within the bn_lib.C file. The loop exit condition fails to account for certain edge cases or malformed input, allowing the loop to continue indefinitely. This type of vulnerability often occurs when:
- Loop counters are improperly validated or can be manipulated
- Exit conditions rely on external input that may not conform to expected patterns
- Boundary checks are missing or insufficient for loop termination variables
Attack Vector
The vulnerability is exploitable over the network without requiring authentication or user interaction. An attacker can remotely trigger the infinite loop condition by sending specially crafted network packets or requests to the affected WiFi driver components. The attack does not require any privileges on the target system.
The exploitation mechanism involves sending input that causes the loop in bn_lib.C to enter a state where its exit condition can never be satisfied. Technical details regarding the specific triggering conditions can be found in the GitHub Pull Request Discussion that addresses this vulnerability.
Detection Methods for CVE-2026-24804
Indicators of Compromise
- Sudden and sustained high CPU utilization on affected devices running LEDE firmware with MT7603E drivers
- Device unresponsiveness or failure to process legitimate network traffic
- WiFi connectivity issues coinciding with abnormal system resource consumption
- Repeated device reboots or watchdog timer triggers
Detection Strategies
- Monitor for abnormal CPU usage patterns on devices running affected LEDE firmware versions through r25.10.1
- Implement network-level monitoring for unusual traffic patterns targeting WiFi management interfaces
- Deploy endpoint detection capabilities to identify processes stuck in unresponsive states
- Utilize SentinelOne's behavioral AI to detect anomalous resource consumption patterns indicative of DoS conditions
Monitoring Recommendations
- Enable logging and alerting for resource exhaustion events on network infrastructure devices
- Configure SNMP or similar monitoring protocols to track CPU and memory utilization on affected routers and access points
- Establish baseline performance metrics to facilitate detection of anomalous behavior
- Implement automated alerting when devices become unresponsive or exceed resource thresholds
How to Mitigate CVE-2026-24804
Immediate Actions Required
- Identify all devices in your environment running coolsnowwolf LEDE firmware version r25.10.1 or earlier with MT7603E WiFi chipsets
- Review the GitHub Pull Request for patch availability and apply updates when available
- Implement network segmentation to limit exposure of affected devices to untrusted networks
- Consider temporarily disabling affected WiFi functionality if the risk is deemed unacceptable and alternative connectivity is available
Patch Information
A fix for this vulnerability has been discussed in GitHub Pull Request #13368 for the coolsnowwolf LEDE project. Users should monitor this pull request for merge status and update their firmware installations accordingly once the patch is incorporated into a stable release.
Workarounds
- Restrict network access to affected devices using firewall rules to limit exposure to trusted sources only
- Implement rate limiting on network interfaces to mitigate potential exploitation attempts
- Deploy intrusion prevention systems (IPS) to detect and block anomalous traffic patterns targeting affected systems
- Consider replacing affected MT7603E-based devices with hardware using different chipsets if patching is not immediately feasible
# Example: Restrict access to affected device management interfaces
# Add firewall rules to limit access to trusted networks only
iptables -A INPUT -p tcp --dport 80 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
