Security News > 2020 > February > Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs
2020-02-18 11:00

TouchPad and TrackPoint firmware in Lenovo Laptops, HP Wide Vision FHD camera firmware in HP laptops and the Wi-Fi adapter on Dell XPS laptops were all found to lack secure firmware update mechanisms with proper code-signing.

Eclypsium researchers analyzed a Lenovo ThinkPad X1 Carbon 6th Gen laptop, which contains two vulnerable firmware mechanisms: Touchpad firmware and TrackPoint firmware.

The firmware updates distributed by HP for the HP Wide Vision FHD camera found in the HP Spectre x360 Convertible 13-ap0xxx laptop are unencrypted and lack authenticity checks, Eclypsium noted.

The device's firmware updater is composed of SunplusIT's Windows-based firmware update tool along with the firmware image, and both have issues.

Eclypsium researchers notified HP of the webcam firmware vulnerability on August 4, and Lenovo of the TouchPad/TrackPoint vulnerability on Lenovo on June 13.


News URL

https://threatpost.com/lenovo-hp-dell-peripherals-unpatched-firmware/152936/