A loophole in all versions of the popular C standard libraries uClibe and uClibe-ng is allowing for DNS poisoning attacks against target devices.
Researchers discovered that an unpatched Domain Name System (DNS) issue in a popular standard C library can be used to launch DNS poisoning attacks against millions of IoT devices and routers, potentially allowing attackers to seize control of them.
Researchers from Nozomi Networks Labs uncovered a problem impacting the implementation of DNS in all versions of uClibc and uClibc-ng, prominent C standard libraries used in a wide range of IoT products, according to a blog post published this week. In the meanwhile, Nozomi Networks advises network managers in both IT and operational technology contexts to improve network visibility and security.
Read More: https://threatpost.com/dns-bug-millions-routers-iot-risk/179478/