Security News > 2020 > June > Ripple20: Flaws in Treck TCP/IP Stack Expose Millions of IoT Devices to Attacks
Millions of IoT devices worldwide could be vulnerable to remote attacks due to serious security flaws affecting the Treck TCP/IP stack, Israel-based cybersecurity company JSOF warned on Tuesday.
"Ripple20 vulnerabilities are unique both in their widespread effect and impact due to supply chain effect and being vulnerabilities allowing attackers to bypass NAT and firewalls and take control of devices undetected, with no user interaction required," JSOF said in a report describing Ripple20.
Treck has developed patches for the vulnerabilities, but in many cases it's not easy to deploy them on impacted devices.
Treck and some of the affected vendors are working on publishing their own advisories for the Ripple20 vulnerabilities.
UPDATE: Treck and CERT/CC have published their advisories for the Ripple20 vulnerabilities.