Security firm runZero has disclosed seven vulnerabilities in FatFs, a filesystem library used by numerous devices to read and write FAT and exFAT formats. These flaws, ranging in severity from medium to high, could allow attackers to corrupt device memory or execute their own code. The vulnerabilities were discovered using AI-powered fuzzing tools, highlighting a growing trend in security research, with further coverage provided by The Hacker News.The seven vulnerabilities in FatFs, a library embedded in firmware for devices like security cameras, drones, and industrial controllers, were found to be reachable through malformed USB drives, SD cards, or firmware update files. The most critical flaw, CVE-2026-6682, is an integer overflow during FAT32 volume mounting that can lead to memory corruption and code execution. Other high-severity bugs include buffer overflows related to volume labels and long filenames. Medium-severity issues involve data corruption from math wraps in cache handling and a divide-by-zero error in exFAT that can brick devices. The library's maintainer has been unresponsive to requests for fixes, leaving downstream vendors responsible for patching their products.Affected platforms include Espressif ESP-IDF, STM32Cube, and Zephyr, impacting consumer IoT, industrial gear, and crypto wallets. While no attacks have been reported, proof-of-concept exploits are publicly available, and runZero advises users to treat physical ports and update channels as potential attack surfaces.Source: The Hacker News
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




