“In June of this year, “Ripple20” (not only) shook the Internet of Things:
19 vulnerabilities in a TCP/IP stack for embedded devices made “hundreds of millions” of devices vulnerable, according to their discoverers.
Now, stack analysis by another team of researchers using fuzzing, a variant of automated software testing, and static code analysis has revealed 33 new vulnerabilities, three of which were rated critical.”
(auto-translated from https://www.heise.de/news/Amnesia-33-ein-Ripple20-Deja-vu-im-Open-Source-Gewand-4982063.html)
- CVE-2020-24336 (CVSS score 9.8/"Critical", RCE, uIP)
- CVE-2020-24338 (CVSS score 9.8/"Critical", RCE, picoTCP)
- CVE-2020-25111 (CVSS score 9.8/"Critical", RCE, Nut/Net)
- CVE-2020-25112 (CVSS score 8.1/"High", RCE, uIP)
What to do?
In order: developers need to look at the vulnerabilities and fix them, and vendors need to provide automatic updates to all devices.
Links:
src: https://www.heise.de/news/Amnesia-33-ein-Ripple20-Deja-vu-im-Open-Source-Gewand-4982063.html