A vulnerability in the domain name system (DNS) component of a popular C standard library that is present in a wide range of IoT products may put millions of devices at DNS poisoning attack risk.
A threat actor can use DNS poisoning or DNS spoofing to redirect the victim to a malicious website hosted at an IP address on a server controlled by the attacker instead of the legitimate location.
The library uClibc and its fork from the OpenWRT team, uClibc-ng. Both variants are widely used by major vendors like Netgear, Axis, and Linksys, as well as Linux distributions suitable for embedded applications.
Comments are closed.