With the introduction of the smart home concept into our lives, many devices that are a part of our daily life have internet connectivity. The vulnerability discovered in the Treck TCP / IP library used in IoT (Internet of Things) devices affects millions of devices.
Treck is on the agenda with the weakness of the TCP / IP library
In recent years, millions of IoT devices have been hacked and many websites have been attacked after the malware called Mirai was installed. The Mirai Botnet attack, one of the largest cyber operations ever performed, had a great impact in the world.
The US Cyber Security Infrastructure and Security Agency (CISA) announced that a vulnerability was discovered in the TCP / IP library developed by Treck. The TCP / IP library, which is actively used in many different areas such as health, transportation systems and production, has brought up 4 different vulnerabilities.
The vulnerability, published with the code CVE-2020-25066 and having the highest CVSS (Common Vulnerability Scoring System) score at 9.8, is the buffer overflow vulnerability. Attackers can control devices by infiltrating the system thanks to the buffer overflow vulnerability.
The second vulnerability, published with the code CVE-2020-27337, has a CVSS score of 9.1, and the vulnerability allows hackers to disable the systems by doing DoS attacks. Vulnerabilities published with CVE-2020-27338 and CVE-2020 -27336 codes have a lower CVSS score.
Stating that the vulnerabilities are found in the version 18.104.22.168 of the TCP / IP library, CISA advised users to install the update released by Treck.