IoT devices (printers, healthcare devices, IP cameras, etc.) may have up to 19 vulnerabilities if they use the Treck embedded IP stack. These vulnerabilities have been assigned critical CVEs and include remote code execution, exposure of sensitive information, out-of-bounds reads and more.
These CVEs are as follows:
| CVE ID | CVSSv3 Score | Potential Impact |
|---|---|---|
| CVE-2020-11896 | 10 | Remote code execution |
| CVE-2020-11898 | 9.1 | Exposure of sensitive information |
| CVE-2020-11899 | 5.4 | Out-of-bounds read & exposure of sensitive information |
| CVE-2020-11900 | 8.2 | Use after free |
| CVE-2020-11901 | 9 | Remote code execution |
| CVE-2020-11903 | 5.3 | Exposure of sensitive information |
| CVE-2020-11905 | 5.3 | Exposure of sensitive information |
| CVE-2020-11908 | 3.1 | Exposure of sensitive information |
| CVE-2020-11911 | 3.7 | Incorrect permission assignment for critical resource |
At this time you will need your vendors to issue patches. Until the vendors have patched the issue, the only way to mitigate it is to ensure proper network segmentation.