Security News > 2020 > June > Ripple20 bugs set off wave of security problems in millions of devices
Security researchers have discovered a handful of game-changing vulnerabilities that spell trouble for dozens of connected device vendors and their customers.
On Tuesday this week security company JSOF unveiled 19 CVEs - four of them critical remote code execution flaws - in a low-level networking software library that render millions of devices vulnerable.
Labeling the discovery Ripple20, the researchers said that the bugs enable attackers to take control of internet-facing devices and then lurk undetected for years.
Hundreds of millions of devices are now at risk as a result of the bugs.
Only basic details of these bugs are available today, but the researchers will be releasing another two white papers following BlackHat USA this year, showing how they managed to exploit some of the bugs to switch off a Schneider Electric UPS. Until then, the company has listed some advice for device vendors and network operators alike, showing them how to protect equipment that they can't immediately update.