What
IoT devices (printers, healthcare devices, IP cams, etc.) may have up to 19 vulnerabilities if they use the Treck embedded IP stack. These vulnerabilities have been assigned critical CVEs and include remote code execution, exposure of sensitive information, out-of-bounds reads and more.
These CVEs are as follows:
CVE ID | CVSSv3 Score | Potential Impact |
CVE-2020-11896 | 10 | Remote Code Execution |
CVE-2020-11897 | 10 | Out-of-bounds write |
CVE-2020-11898 | 9.1 | Exposure of sensitive information |
CVE-2020-11899 | 5.4 | Out-of-bounds read & exposure of sensitive information |
CVE-2020-11900 | 8.2 | Use after free |
CVE-2020-11901 | 9 | Remote code execution |
CVE-2020-11902 | 7.3 | Out-of-bounds read |
CVE-2020-11903 | 5.3 | Exposure of sensitive information |
CVE-2020-11904 | 5.6 | Out-of-bounds write |
CVE-2020-11905 | 5.3 | Exposure of sensitive information |
CVE-2020-11906 | 5 | Integer underflow |
CVE-2020-11907 | 5 | Integer underflow |
CVE-2020-11908 | 3.1 | Exposure of sensitive information |
CVE-2020-11909 | 3.7 | Integer underflow |
CVE-2020-11910 | 3.7 | Out-of-bounds read |
CVE-2020-11911 | 3.7 | Incorrect permission assignment for critical resource |
CVE-2020-11912 | 3.7 | Out-of-bounds read |
CVE-2020-11913 | 3.7 | Out-of-bounds read |
CVE-2020-11914 | 3.1 | Out-of-bounds read |
Mitigation
At this time you will need your vendors to issue patches. Until the vendors have patched the issue, the only way to mitigate it is to ensure proper network segmentation.