Security vulnerabilities and automated fixes for iot security issues
10 posts found
A critical heap buffer overflow vulnerability was discovered in the BLE MIDI packet assembly code of `blemidi.c`, where attacker-controlled packet length values could trigger writes beyond allocated heap memory. The fix adds an integer overflow guard before the `malloc` call, ensuring that maliciously crafted BLE MIDI packets can no longer corrupt heap memory. This vulnerability is particularly dangerous because it is remotely exploitable by any nearby Bluetooth device — no physical access requi
A high-severity vulnerability in ESP32 firmware allowed attackers to trigger stack and heap corruption by sending malformed UART frames shorter than expected to an mmWave sensor driver. Multiple `memcpy` operations copied data into fixed-size local variables without first verifying the source buffer was large enough, opening the door to arbitrary code execution. The fix replaces magic-number length guards with `sizeof()`-based checks that are portable, self-documenting, and provably correct.
A medium-severity vulnerability in the ESP32-audioI2S library allowed audio streaming credentials to be transmitted via HTTP Basic Authentication over unencrypted HTTP connections, making them trivially recoverable by anyone on the same network. The fix gates the Authorization header behind an SSL/TLS check, ensuring credentials are only sent when the connection is encrypted. For embedded IoT devices where credentials are often hardcoded in firmware, this kind of passive interception risk is esp
A critical buffer overflow vulnerability was discovered in the Meshtastic firmware's radio packet handler, where an unchecked `memcpy` operation allowed any node on the mesh network to send a crafted packet with an oversized payload length field, potentially overwriting adjacent memory. Because Meshtastic mesh nodes communicate without authentication, this vulnerability was remotely exploitable by any attacker within radio range — or even further through mesh relay. The fix adds a simple but ess
A critical vulnerability in an embedded HTTP server allowed any unauthenticated attacker to upload and flash arbitrary firmware images to a network switch — no credentials required. Because malicious firmware survives reboots and factory resets, a successful attack could permanently compromise an entire fleet of devices with backdoors or rootkits. The fix adds an authentication gate and corrects dangerous CRC-check logic that would reset the device even on a failed checksum.
A critical buffer overflow vulnerability was discovered in the PCF85063A RTC sensor driver, where an unbounded `sprintf` call could corrupt memory when formatting datetime values. This type of vulnerability is especially dangerous in embedded systems where memory protections are minimal and corrupted I2C data from a malicious device could trigger the overflow. The fix replaces the unsafe `sprintf` with bounds-checked alternatives, closing the door on potential memory corruption attacks.
A critical buffer overflow vulnerability was discovered and patched in RF24Network, a popular C++ library for mesh networking over nRF24L01 radio modules. Unvalidated attacker-controlled size values in `memcpy` calls allowed any nearby attacker to trigger memory corruption by transmitting malformed radio frames — no authentication required. This post breaks down how the vulnerability works, how it was fixed, and what developers can learn from it.
A critical buffer overflow vulnerability was discovered in the ENC28J60 Ethernet driver, where incoming packet data was copied into a fixed-size buffer without validating the packet's self-reported length. On embedded systems lacking ASLR, this flaw could allow an attacker on the same network segment to craft a malicious Ethernet frame and achieve arbitrary code execution. The fix introduces proper bounds checking before the memcpy operation, closing a highly reliable attack vector on constraine
A medium-severity vulnerability was discovered and patched in the PicoW ClockMaster firmware's MQTT client, where file import functionality lacked resource limits and the broker connection lacked authentication—allowing attackers on the same network to inject spoofed motor and LED commands. The fix introduces proper input validation, file size checks, JSON depth limits, and authenticated/encrypted MQTT connections. This case is a timely reminder that IoT firmware security requires the same rigor
A medium-severity vulnerability was discovered and patched in an IoT Over-the-Air (OTA) firmware update server, where a Flask route accepted firmware file uploads without any authentication. This flaw allowed any attacker with network access to push arbitrary firmware binaries to connected IoT devices — a potentially devastating supply chain attack vector. The fix introduces proper authentication controls, closing the door on unauthorized firmware injection.