Severity Rating: HIGH
Systems Affected
Treck TCP/IP Stack version 6.0.1.67 and prior
Overview
Multiple vulnerabilities have been reported in Treck TCP/IP software, which
could be exploited by a remote attacker to perform a Denial of Service (DoS)
attack or execute arbitrary code and take control of an affected system.
Description
Treck TCP/IP stack software is designed for and used in a variety of IoT
and embedded systems. The software can be licensed and integrated in
various ways, including compiled from source, licensed for modification and
reuse, or supplied as a dynamically or statically linked library.
These vulnerabilities exist due to a buffer overflow in the Treck HTTP Server
component, an out-of-bounds write in the IPv6 component, and an out-of-bounds
read in the DHCPv6 component. A remote attacker could exploit these
vulnerabilities by sending specially crafted packets to the targeted system.
Successful exploitation of these vulnerabilities allows a remote attacker to
perform a denial of service (DoS) attack or execute arbitrary code on the
targeted system.
Solution
Update to the latest version (6.0.1.68)
Vendor Information
Treck
References
Treck
CISA
CVE Name
CVE-2020-25066
CVE-2020-27337
CVE-2020-27338
CVE-2020-27336
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT for security vulnerabilities, threats, attacks and the patching required to mitigate any kind of cyber attack.