Vulnerabilities in TCP/IP stacks enable RCE and DoS on IoT devices


Security researchers have discovered vulnerabilities in four common TCP/IP stacks used for DNS in Internet-of-Things devices. By exploiting those vulnerabilities, it is possible to take devices offline or take them over.

Security company Forescout discovered nine different vulnerabilities and groups them under the name Name:wreck. Seven of those vulnerabilities are in the TCP/IP stacks of Nucleus NET and NetX, one is in FreeBSD and one is in IPnet. Forescout has since contacted these organizations. The vulnerabilities have reportedly been fixed in those stacks, although manufacturers of, for example, IoT devices still have to implement the fixes.

In most cases the exploits involve the DNS server and how it validates names when parsing or compressing them. This makes it possible to cause a denial of service and take a device offline, and in some cases even to achieve remote code execution.

Practical exploitation of the vulnerabilities does require an attacker to have access to a victim's internal network. Forescout highlights one of the nine vulnerabilities, which can be exploited in Nucleus NET. In one example, Forescout also describes that an attacker must then set up their own DHCP server that can push its own DNS to the device.

| CVE | Stack | Vulnerability | Score |
|---|---|---|---|
| CVE-2020-7461 | FreeBSD | Remote code execution | 7.7 |
| CVE-2016-20009 | IPnet | Remote code execution | 9.8 |
| CVE-2020-15795 | Nucleus NET | Remote code execution | 8.1 |
| CVE-2020-27009 | Nucleus NET | Remote code execution | 8.1 |
| CVE-2020-27736 | Nucleus NET | Denial of service | 6.5 |
| CVE-2020-27737 | Nucleus NET | Denial of service | 6.5 |
| CVE-2020-27738 | Nucleus NET | Denial of service | 6.5 |
| CVE-2021-25677 | Nucleus NET | DNS spoofing | 5.3 |
| CVE-2021-25677 | NetX | Denial of service | 6.5 |