{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24803", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:39:10.280Z", "datePublished": "2026-01-27T08:39:39.043Z", "dateUpdated": "2026-01-27T17:04:27.974Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/coolsnowwolf/lede", "defaultStatus": "affected", "modules": ["package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security"], "product": "lede", "programFiles": ["bn_lib.c"], "vendor": "coolsnowwolf", "versions": [{"lessThanOrEqual": "r25.10.1", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules).<p> This vulnerability is associated with program files <tt>bn_lib.C</tt>.</p><p>This issue affects lede: through r25.10.1.</p>"}], "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C.\n\nThis issue affects lede: through r25.10.1."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.2, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:39:39.043Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/coolsnowwolf/lede/pull/13346"}], "source": {"discovery": "UNKNOWN"}, "title": "A possible infinite loop vulnerability in coolsnowwolf/lede", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T17:04:19.618784Z", "id": "CVE-2026-24803", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T17:04:27.974Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24803", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T17:04:19.618784Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T17:04:24.367Z"}}], "cna": {"title": "A possible infinite loop vulnerability in coolsnowwolf/lede", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 9.2, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/S:N/AU:Y/R:U/V:C/RE:L/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "coolsnowwolf", "modules": ["package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security"], "product": "lede", "versions": [{"status": "affected", "version": "0", "versionType": "git", "lessThanOrEqual": "r25.10.1"}], "programFiles": ["bn_lib.c"], "collectionURL": "https://github.com/coolsnowwolf/lede", "defaultStatus": "affected"}], "references": [{"url": "https://github.com/coolsnowwolf/lede/pull/13346", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C.\n\nThis issue affects lede: through r25.10.1.", "supportingMedia": [{"type": "text/html", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules).<p> This vulnerability is associated with program files <tt>bn_lib.C</tt>.</p><p>This issue affects lede: through r25.10.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T08:39:39.043Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24803", "state": "PUBLISHED", "dateUpdated": "2026-01-27T17:04:27.974Z", "dateReserved": "2026-01-27T08:39:10.280Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T08:39:39.043Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in coolsnowwolf lede (package/lean/mt/drivers/mt7615d/src/mt_wifi/embedded/security modules). This vulnerability is associated with program files bn_lib.C.\n\nThis issue affects lede: through r25.10.1."}, {"lang": "es", "value": "Vulnerabilidad de 'Bucle con condici\u00f3n de salida inalcanzable' ('Bucle Infinito') en coolsnowwolf lede (m\u00f3dulos de seguridad incrustados en package/lean/mt/drivers/mt7615d/src/mt_wifi). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa bn_lib.C.\n\nEste problema afecta a lede: hasta r25.10.1."}], "id": "CVE-2026-24803", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.2, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:50.337", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/coolsnowwolf/lede/pull/13346"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T14:55:09.931600+00:00", "value": {"mitigation_remediation": ["Apply the patch from pull request 13346, which corrects the loop exit condition.", "Rebuild the lede firmware with the updated driver and flash it onto all affected devices.", "If the device does not require WLAN functionality, disable the affected driver to prevent the loop from being invoked."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw affects all installations of coolsnowwolf/lede up to and including version r25.10.1; the exact boundary is inferred from the description, which states the vulnerability is present \"through r25.10.1\". The version range is not explicitly enumerated in the vendor\u2019s advisories. This inference is based solely on the stated wording.", "description_and_impact": "The vulnerability is an infinite loop in the security module bn_lib.C of the coolsnowwolf/lede firmware. The loop contains an unreachable exit condition, causing the executing process to hang indefinitely. An attacker can trigger the loop by sending crafted traffic to the driver, leading to service disruption or resource exhaustion. This weakness is classified as CWE\u2011835.", "risk_and_exploitability": "The CVSS score of 9.2 indicates a high severity denial\u2011of\u2011service vulnerability. The EPSS score of less than 1% shows that the likelihood of active exploitation is low but not zero. The vulnerability is not listed in the CISA KEV catalog, meaning no documented exploits are currently known. Based on the description, it is inferred that the attacker\u2019s attack vector requires interaction with the affected Wi\u2011Fi driver, likely through network traffic or local privileged operations, to trigger the infinite loop. Successful exploitation would cause the driver to consume CPU resources indefinitely, potentially crashing the system or degrading overall performance."}}}}, "created": "2026-01-27T20:16:58.712173+00:00", "updated": "2026-04-18T15:00:03.449290+00:00", "vendors": ["coolsnowwolf", "coolsnowwolf$PRODUCT$lede"]}