Critical flaws in embedded TCP/IP library impact millions of IoT devices across industries
Millions of devices, from consumer products like printers and IP cameras to specialized devices used across organizations such as video conferencing systems and industrial control systems, are at risk due to critical vulnerabilities found in an embedded TCP/IP library. Some of the flaws allow for remote code execution over the network and can lead to a full compromise of the affected device.
The vulnerabilities were found by an Israeli company called JSOF that specializes in the security of IoT and embedded devices. They affect a proprietary implementation of network protocols developed by a company called Treck. The researchers found 19 flaws, several of which are rated critical, and have dubbed them Ripple20 because they were reported in 2020 and have a ripple effect across the embedded supply chain.