IOT device security can be improved by following guidance just issued by CISA

CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq | CISA

VU#434904 – Dnsmasq is vulnerable to memory corruption and cache poisoning (cert.org)

CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and vendors of IoT and embedded devices that use Dnsmasq to review CERT/CC VU#434904 and CISA ICSA-21-019-01 21 for more information and to apply the necessary update. Refer to vendors for appropriate patches, when available.

Go to Source of this post
Author Of this post: harrywaldron

By admin