The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.
Published: 2020-06-17
Researchers discovered 19 new zero-day vulnerabilities in a TCP/IP software library developed by Treck. Dubbed Ripple20, the batch includes CVE-2020-11901, which has the potential to allow control of an internet-connected device. Update June 24, 2020: We’ve updated the Identifying affected systems section to include an additional link to a newly released Tenable plugin as well as additional information for our tenable.ot customers.