By Howard Solomon
Publication Date: 2026-04-17 23:12:00
Johannes Ullrich, dean of research at the SANS Institute, called this particular problem uncommon, although he acknowledged flash memory space in IoT devices like access points is limited and may fill up from time to time.
“But,” he added, “there is a bigger issue: A competent [vendor] vulnerability management program must always include verification that the patch was indeed applied as expected. There are many reasons why a patch may not be applied correctly, and this is just one way a patch may fail to apply.”
Kellman Meghu, CTO of incident response firm DeepCove Cybersecurity, said overflowing a fixed device’s memory due to a bug “would have me rather annoyed with this vendor. This is very rare in my experience, and something that was an issue way back when storage costs were a factor. I would expect my vendor to be able to clean and manage storage for fixed devices. If this device is supported, this would be an RMA [return merchandise authorization] or fix…
