A set of vulnerabilities has been discovered in VxWorks RTOS making it possible to exploit the operating system on over 800,000 devices connected to the web. The 11 vulnerabilities vary in severity and type, the most interesting of the bunch being a stack overflow in their IPnet TCP/IP stack. With a specially crafted IPv4 packet, it is possible for an attacker to force a stack overflow and reach unauthenticated RCE on the vulnerable devices. Continue reading “URGENT/11 VxWorks RTOS”