News.Risky.Biz
Critical FatFs Vulnerabilities Enable Physical Access Attacks on Millions of Devices
Security firm runZero has disclosed seven unpatched vulnerabilities in FatFs, the FAT/exFAT filesystem driver embedded in millions of devices across industrial and IoT products, including systems built on a range of RTOS platforms. The flaws are triggered by crafted filesystem metadata: a device that mounts malicious removable media or ingests a malicious firmware image can be driven into memory corruption, denial of service and, in some cases, code execution. Severities range from CVSS Medium to High, and no fixed release is available. The usual attack path is physical access to the device (inserting prepared media), but where a product writes an over-the-air update into a FAT image the same bugs can be reached remotely. The identifiers cited in the report include CVE-2026-8451 and CVE-2026-45659; the latter is reported as actively exploited. With no upstream patch and FatFs so widely reused, the burden of mitigation falls on device manufacturers, and the breadth of deployment makes that urgent.
Key Points:
• Seven unpatched vulnerabilities in FatFs expose millions of embedded devices.
• Exploitation normally requires physical access to the device, but a malicious firmware image can reach the same code paths during an OTA update.
• No patches are available; the vulnerabilities are rated Medium to High severity.
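The report describes a class of bug rather than a single flaw: a driver that trusts geometry fields read from media it does not control. As an added example (this editor's code, not runZero's findings or FatFs's own source), the following C validates a FAT boot sector before any of its fields is used as a buffer size or sector offset, then exercises the check on constructed boot sectors, one sane and three hostile. Field offsets and legal ranges are those of the FAT specification; the return codes, helper names and the `media_sec` parameter are assumptions of this example, and nothing here reproduces the specific seven flaws, which the page does not detail.

```c
/* Added example, not runZero's or FatFs's own code: validating a FAT BIOS
 * Parameter Block (BPB) read from attacker-controlled media before any of its
 * fields are used as buffer sizes or sector offsets. Field offsets follow the
 * Microsoft FAT specification; the limits are the ones a driver has to enforce
 * to keep its fixed sector buffer and its region arithmetic in bounds. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

struct fat_geom {
    uint32_t bytes_per_sec, sec_per_clus, rsvd_sec, num_fats, root_ent_cnt;
    uint32_t tot_sec, fat_sz;
    uint64_t data_start;   /* first data sector, counted from the volume start */
    uint64_t n_clusters;
};

static uint16_t ld16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t ld32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void st16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void st32(uint8_t *p, uint32_t v) { st16(p, (uint16_t)v); st16(p + 2, (uint16_t)(v >> 16)); }

/* Parse and validate a boot sector. Returns 0 on success, a negative code
 * naming the rejected field otherwise. media_sec (an assumed parameter) is the
 * physical sector size of the device the boot sector was read from. */
int fat_parse_bpb(const uint8_t *bs, size_t len, uint32_t media_sec, struct fat_geom *g)
{
    if (len < 512) return -1;                          /* short read */
    if (ld16(bs + 510) != 0xAA55) return -2;           /* boot signature 0x55 0xAA */

    uint32_t bps = ld16(bs + 11), spc = bs[13], rsvd = ld16(bs + 14);
    uint32_t nfats = bs[16], rootent = ld16(bs + 17);
    uint32_t totsec = ld16(bs + 19), fatsz = ld16(bs + 22);
    if (totsec == 0) totsec = ld32(bs + 32);           /* TotSec32 */
    if (fatsz == 0) fatsz = ld32(bs + 36);             /* FATSz32 (FAT32 only) */

    /* BytsPerSec must be a legal value and match the medium, or the driver's
     * sector window buffer is indexed past its end on the first read. */
    if (bps != 512 && bps != 1024 && bps != 2048 && bps != 4096) return -3;
    if (bps != media_sec) return -3;
    /* SecPerClus: power of two, 1..128, and a cluster no larger than 32 KiB. */
    if (spc == 0 || (spc & (spc - 1)) != 0 || spc > 128) return -4;
    if ((uint64_t)bps * spc > 32768) return -4;
    if (rsvd == 0) return -5;                          /* the boot sector itself is reserved */
    if (nfats != 1 && nfats != 2) return -6;
    if (fatsz == 0 || totsec == 0) return -7;
    if (((uint64_t)rootent * 32) % bps != 0) return -8; /* root dir must fill whole sectors */

    /* Region arithmetic in 64 bits: in 32-bit math, RsvdSecCnt + 2 * FATSz32
     * wraps for a large FATSz32 (0xFFFFFFFF gives 31 here) and would pass a
     * naive "< TotSec" check. */
    uint64_t root_secs = ((uint64_t)rootent * 32) / bps;
    uint64_t data_start = (uint64_t)rsvd + (uint64_t)nfats * fatsz + root_secs;
    if (data_start >= totsec) return -9;               /* metadata overruns the volume */
    uint64_t n_clusters = ((uint64_t)totsec - data_start) / spc;
    if (n_clusters == 0) return -9;

    g->bytes_per_sec = bps; g->sec_per_clus = spc; g->rsvd_sec = rsvd;
    g->num_fats = nfats; g->root_ent_cnt = rootent; g->tot_sec = totsec;
    g->fat_sz = fatsz; g->data_start = data_start; g->n_clusters = n_clusters;
    return 0;
}

/* Constructed sample boot sector (not captured from a real device). */
static void build_bs(uint8_t *bs, uint16_t bps, uint8_t spc, uint16_t rsvd, uint8_t nfats,
                     uint16_t rootent, uint32_t totsec, uint32_t fatsz32)
{
    memset(bs, 0, 512);
    bs[0] = 0xEB; bs[1] = 0x3C; bs[2] = 0x90;          /* jump stub, as on real volumes */
    st16(bs + 11, bps); bs[13] = spc; st16(bs + 14, rsvd); bs[16] = nfats;
    st16(bs + 17, rootent);
    st16(bs + 19, 0); st32(bs + 32, totsec);           /* TotSec16 = 0 -> use TotSec32 */
    st16(bs + 22, 0); st32(bs + 36, fatsz32);          /* FATSz16 = 0 -> use FATSz32 */
    bs[510] = 0x55; bs[511] = 0xAA;
}

/* Each case returns the parser's verdict so a caller can check it. */
int check_sane_volume(void) {            /* 32 MiB volume, 2 KiB clusters */
    uint8_t bs[512]; struct fat_geom g;
    build_bs(bs, 512, 4, 1, 2, 512, 65536, 64);
    return fat_parse_bpb(bs, sizeof bs, 512, &g);              /* 0 */
}
int check_zero_cluster_size(void) {      /* SecPerClus = 0: division by zero in cluster math */
    uint8_t bs[512]; struct fat_geom g;
    build_bs(bs, 512, 0, 1, 2, 512, 65536, 64);
    return fat_parse_bpb(bs, sizeof bs, 512, &g);              /* -4 */
}
int check_oversized_fat(void) {          /* FATSz32 = 0xFFFFFFFF wraps 32-bit region math */
    uint8_t bs[512]; struct fat_geom g;
    build_bs(bs, 512, 4, 1, 2, 512, 65536, 0xFFFFFFFFu);
    return fat_parse_bpb(bs, sizeof bs, 512, &g);              /* -9 */
}
int check_bad_signature(void) {          /* not a FAT boot sector at all */
    uint8_t bs[512]; struct fat_geom g;
    build_bs(bs, 512, 4, 1, 2, 512, 65536, 64);
    bs[511] = 0x00;
    return fat_parse_bpb(bs, sizeof bs, 512, &g);              /* -2 */
}

int main(void) {
    printf("sane=%d zero_spc=%d huge_fat=%d bad_sig=%d\n", check_sane_volume(),
           check_zero_cluster_size(), check_oversized_fat(), check_bad_signature());
    return 0;
}
```

The oversized-FAT case is the one worth internalising: every field is individually "valid", and only the 64-bit region check catches that the declared FAT extends past the end of the volume, which in a driver that uses the result as a sector offset becomes an out-of-bounds read or write on the first directory lookup.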