The publications are suspended, except for particular events, from 1 to 21 August. In the meantime, we are preparing some news for the second half of the year.
AMNESIA:33 is still a threat. Update the software now! The bunch of vulnerabilities in Multiple open-source embedded TCP/IP stacks, used in IoT and embedded devices, pose a immediate risk for organizations
AMNESIA:33, the bunch of vulnerabilities in Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, is still dangerous. It has been underlined by the Carnegie Mellon University cybersecurity experts, who updated the note on the threat, originally spread on December 08. Most of the flaws are caused by memory management bugs, commonly seen in lightweight software implementations in Real Time Operating Systems (RTOS) and IoT devices. The impact vary widely due to the combination of build and runtime options customized while including these in embedded devices. In summary, a remote, unauthenticated attacker may be able to use specially-crafted network packets to cause the vulnerable device to behave in unexpected ways such as a failure (denial of service), disclosure of private information, or execution of arbitrary code.