Security News > 2020 > December > New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices
The US Cybersecurity Infrastructure and Security Agency has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service attacks.
The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel.
Treck recommends users to update the stack to version 6.0.1.68 to address the flaws.
The disclosure of new flaws in Treck TCP/IP stack comes six months after Israeli cybersecurity company JSOF uncovered 19 vulnerabilities in the software library - dubbed Ripple20 - that could make it possible for attackers to gain complete control over targeted IoT devices without requiring any user interaction.
Given the complex IoT supply chain involved, the company has released a new detection tool called "Project-memoria-detector" to identify whether a target network device runs a vulnerable TCP/IP stack in a lab setting.