Seven Unpatched Vulnerabilities in FatFs Filesystem Bundled in Millions of Embedded Devices
A security firm disclosed seven vulnerabilities in the FatFs library, which is widely used in embedded systems, allowing physical access or firmware updates to lead to memory corruption and code execution. The flaws are present in critical devices ranging from security cameras and industrial controllers to hardware crypto wallets, highlighting a severe systemic risk in IoT security.
Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards.
The flaws matter because FatFs is nearly everywhere. It ships inside the firmware that runs security cameras, drones, industrial controllers, hardware crypto wallets, and other devices built on
*** END OF TRANSMISSION ***