Major Vulnerabilities discovered and patched in Realtek RTL8195A Wi-Fi Module

We look back at and review some of the major vulnerabilities and attacks targeting embedded devices in 2020, hoping to avoid similar security issues in 2021.

Yesterday, JSOF published a set of vulnerabilities called "DNSpooq" which affects the immensely popular "dnsmasq" DNS caching server. These vulnerabilities can allow both LAN and WAN based attackers to inject malicious DNS entries and even to entirely take over the dnsmasq host via a remote heap overflow attack.

Vdoo’s security research team discovered a potentially critical vulnerability in RAUC, an open-source framework for firmware updates. Vdoo has responsibly disclosed this vulnerability and worked closely with the vendor verifying the fix to the vulnerability. All the technical details about this security issue and it’s impact can be found in the blog post.