🟠 High  |  Source: The Hacker News


Security researchers at runZero have disclosed seven unpatched vulnerabilities in FatFs, a widely used embedded filesystem library that implements the FAT and exFAT formats. The library is compiled into firmware for security cameras, drones, industrial controllers, and hardware crypto wallets, so the exposed population runs to millions of physical devices worldwide. Because no fix is yet available, any device that mounts untrusted storage media such as USB drives or SD cards is a potential target.
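The article does not detail the individual flaws, so the C below is an added illustration rather than FatFs, runZero or The Hacker News code: it shows the kind of validation a driver has to apply before trusting a boot sector (BIOS Parameter Block) read from removable media, which is exactly the untrusted input a library like FatFs consumes. Every field is range-checked before it feeds a division, a buffer size or a sector offset, the FAT is checked to be large enough for the cluster count so chain walks cannot overread it, and cluster numbers are bounds-checked before they become sector addresses. The sample FAT16 boot sector and the hostile variants are constructed here; the function names and the `fat_geometry` struct are this example's own, not a FatFs API.

```c
/* Added example (not FatFs or runZero code): defensive BPB parsing for untrusted media. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

enum bpb_status { BPB_OK = 0, BPB_TOO_SMALL, BPB_BAD_SIGNATURE, BPB_BAD_GEOMETRY };

struct fat_geometry {
    uint16_t bytes_per_sector, reserved_sectors, root_entries;
    uint8_t  sectors_per_cluster, num_fats, fat_bits;   /* fat_bits: 12, 16 or 32 */
    uint32_t total_sectors, sectors_per_fat, first_data_sector, cluster_count;
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Validate every BPB field before it feeds any division, buffer size or offset. */
enum bpb_status parse_fat_bpb(const uint8_t *sec, size_t len, struct fat_geometry *g)
{
    if (len < 512) return BPB_TOO_SMALL;
    if (sec[510] != 0x55 || sec[511] != 0xAA) return BPB_BAD_SIGNATURE;
    uint16_t bps = le16(sec + 11), rsvd = le16(sec + 14), rootent = le16(sec + 17);
    uint8_t  spc = sec[13], nfats = sec[16];
    uint32_t total = le16(sec + 19) ? le16(sec + 19) : le32(sec + 32);  /* 16-bit field, else 32-bit */
    uint32_t spf   = le16(sec + 22) ? le16(sec + 22) : le32(sec + 36);
    /* Sector/cluster sizes: powers of two in range; a zero would become a divide-by-zero below. */
    if (bps < 512 || bps > 4096 || (bps & (bps - 1))) return BPB_BAD_GEOMETRY;
    if (spc == 0 || (spc & (spc - 1))) return BPB_BAD_GEOMETRY;
    if (rsvd == 0 || nfats == 0 || nfats > 2 || total == 0 || spf == 0) return BPB_BAD_GEOMETRY;
    if (((uint32_t)rootent * 32) % bps != 0) return BPB_BAD_GEOMETRY; /* root dir = whole sectors */
    /* 64-bit intermediates so hostile values cannot wrap the layout arithmetic. */
    uint64_t root_sectors = (uint64_t)rootent * 32 / bps;
    uint64_t first_data   = (uint64_t)rsvd + (uint64_t)nfats * spf + root_sectors;
    if (first_data >= total) return BPB_BAD_GEOMETRY;                /* no data region on the medium */
    uint64_t clusters = (total - first_data) / spc;
    if (clusters == 0 || clusters > 0x0FFFFFF5) return BPB_BAD_GEOMETRY; /* beyond FAT32's range */
    /* FAT type follows from the cluster count (Microsoft FAT specification rule). */
    uint8_t bits = clusters < 4085 ? 12 : clusters < 65525 ? 16 : 32;
    if ((bits == 32) != (rootent == 0)) return BPB_BAD_GEOMETRY;     /* FAT32 has no fixed root dir */
    /* The FAT must hold one entry per cluster plus two reserved entries; otherwise
     * following a cluster chain reads past the end of the FAT buffer. */
    uint64_t needed = bits == 12 ? ((clusters + 2) * 3 + 1) / 2 : (clusters + 2) * (bits / 8);
    if ((uint64_t)spf * bps < needed) return BPB_BAD_GEOMETRY;
    g->bytes_per_sector = bps; g->sectors_per_cluster = spc; g->reserved_sectors = rsvd;
    g->num_fats = nfats; g->root_entries = rootent; g->fat_bits = bits;
    g->total_sectors = total; g->sectors_per_fat = spf;
    g->first_data_sector = (uint32_t)first_data; g->cluster_count = (uint32_t)clusters;
    return BPB_OK;   /* caller must still check total_sectors against the physical medium size */
}

/* Cluster numbers come from the medium, so range-check them (valid: 2 .. cluster_count + 1). */
int cluster_to_sector(const struct fat_geometry *g, uint32_t cluster, uint32_t *sector)
{
    if (cluster < 2 || cluster - 2 >= g->cluster_count) return -1;
    *sector = g->first_data_sector + (cluster - 2) * g->sectors_per_cluster;
    return 0;
}

/* Constructed sample: 16 MiB FAT16 volume, 512 B sectors, 4 sectors/cluster, 2 FATs x 32 sectors. */
void build_sample_fat16_sector(uint8_t sec[512])
{
    memset(sec, 0, 512);
    sec[0] = 0xEB; sec[1] = 0x3C; sec[2] = 0x90; memcpy(sec + 3, "MSWIN4.1", 8);  /* jump, OEM name */
    put16(sec + 11, 512); sec[13] = 4; put16(sec + 14, 1); sec[16] = 2; put16(sec + 17, 512);
    put16(sec + 19, 32768); sec[21] = 0xF8; put16(sec + 22, 32); sec[510] = 0x55; sec[511] = 0xAA;
}

/* Parses the sample volume and exercises the cluster range check; returns the cluster
 * count on success, -1 if the BPB is rejected, -2 if the range check misbehaves. */
long sample_volume_check(void)
{
    uint8_t sec[512]; struct fat_geometry g; uint32_t s;
    build_sample_fat16_sector(sec);
    if (parse_fat_bpb(sec, sizeof sec, &g) != BPB_OK) return -1;
    if (cluster_to_sector(&g, 2, &s) != 0 || s != 97) return -2;          /* first data sector */
    if (cluster_to_sector(&g, g.cluster_count + 1, &s) != 0) return -2;   /* last valid cluster */
    if (cluster_to_sector(&g, g.cluster_count + 2, &s) != -1) return -2;  /* one past the end */
    if (cluster_to_sector(&g, 1, &s) != -1) return -2;                    /* reserved entry */
    return (long)g.cluster_count;
}

/* Corrupts one BPB field at a time into a hostile value; returns how many variants were rejected. */
int sample_rejected_variants(void)
{
    uint8_t sec[512]; struct fat_geometry g; int rejected = 0;
    const struct { int off; uint16_t val; } bad[] = {
        { 11, 0 },      /* bytes per sector = 0: divide by zero in a naive parser */
        { 14, 0xFFFF }, /* reserved area larger than the volume: no data region */
        { 22, 1 },      /* one-sector FAT cannot hold an entry per cluster: chain walks overread */
        { 13, 3 },      /* sectors per cluster not a power of two */
    };
    for (size_t i = 0; i < sizeof bad / sizeof bad[0]; i++) {
        build_sample_fat16_sector(sec);
        if (bad[i].off == 13) sec[13] = (uint8_t)bad[i].val; else put16(sec + bad[i].off, bad[i].val);
        if (parse_fat_bpb(sec, sizeof sec, &g) == BPB_BAD_GEOMETRY) rejected++;
    }
    return rejected;
}
```

On the constructed sample, `sample_volume_check()` returns 8167 data clusters and all four hostile variants are rejected. The checks are deliberately conservative; a production driver would add media-size and FSInfo validation on top, and the point is that none of the BPB values can be used before the whole geometry is known to be self-consistent.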

Security Architect’s Take: Audit your organisation’s IoT, OT, and edge device inventory for firmware that incorporates FatFs. Because FatFs is distributed as source and compiled directly into firmware rather than shipped as a separate package, it may not appear in vendor SBOMs, so confirm with vendors directly. Prioritise restricting physical media access (USB/SD ports) on affected devices until vendor patches are available. Where cloud workloads consume data ingested from embedded devices, such as telemetry pipelines or device management platforms, treat that data as untrusted and enforce strict input validation at the ingestion boundary.

Original advisory: Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices