An unpatched vulnerability in a popular C standard library found in a variety of IoT products and routers could leave millions of devices vulnerable to attack.

The vulnerability, tracked as CVE-2022-05-02 and discovered by Nozomi Networks, exists in the Domain Name System (DNS) component of the OpenWRT team’s uClibc library and its uClibc-ng fork. Both uClibc and uClibc-ng are commonly used by Netgear, Axis, Linksys, and other major vendors, as well as in Linux distributions designed for embedded applications.



Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.