FreeRTOS TCP/IP Stack RCE, DoS

 ( toMpEr | Friday, October 19, 2018 - 11:03 )

FreeRTOS is a market-leading, de facto standard for embedded systems that has been ported to over 40 microcontrollers, which are being used in IoT, aerospace, medical, automotive industries, and more.

In November 2017, Amazon Web Services (AWS) took stewardship for the FreeRTOS kernel and its components.

Ori Karliner, a security researcher at Zimperium Security Labs (zLabs), discovered a total of 13 vulnerabilities in FreeRTOS's TCP/IP stack that also affect its variants maintained by Amazon and WHIS.

These vulnerabilities allow an attacker to crash the device, leak information from the device’s memory, and remotely execute code on it, thus completely compromising it.

https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
https://thehackernews.com/2018/10/amazon-freertos-iot-os.html