
NAME:WRECK TCP/IP Vulnerabilities

NAME:WRECK is a collection of nine DNS-related vulnerabilities affecting the TCP/IP stacks used by several embedded and real-time operating systems. Exploitation of the NAME:WRECK vulnerabilities can result in remote code execution (RCE) or denial-of-service (DoS) conditions in a very wide range of IoT, SOHO, and manufacturing equipment.



Affected platforms

The following platforms are known to be affected:

  • FreeBSD: all supported versions
  • Nucleus RTOS: all versions using Nucleus NET prior to 5.2
  • NetX: all versions prior to 6.1.5


Threat details

Introduction

Security researchers at Forescout Research Labs and JSOF have released details of nine vulnerabilities, collectively referred to as NAME:WRECK, in the TCP/IP networking stacks of three popular embedded operating systems (OS). The flaws lie in the code that decodes domain names from DNS messages, in particular the handling of RFC 1035 message compression pointers, where missing bounds and loop checks allow a crafted DNS response to trigger out-of-bounds reads, infinite loops, or buffer overflows. The researchers claim that an unauthenticated remote attacker who can deliver such a response (for example by controlling or spoofing the DNS server a device talks to) could exploit some or all of these vulnerabilities to execute arbitrary code or cause denial-of-service conditions on devices running the affected stacks. The NAME:WRECK vulnerabilities expose a large range of operational technology and industrial control systems, including network edge equipment, Internet-of-Medical-Things devices, Small Office/Home Office equipment, and high-performance servers.
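The following is an added worked example, written for this alert and not taken from any of the affected stacks or from the researchers' report. It shows the checks a DNS name decoder needs in order not to exhibit the NAME:WRECK class of bug: every compression pointer must stay inside the message and move strictly backwards (which rules out self-references and cycles), every label must fit both the message and the destination buffer, and the whole name must respect the 255-byte limit. The two sample messages (a normal A-record response and one whose question name points at itself) are constructed for the example, not captured traffic; `dns_validate_names` walks every owner name in a message with the hardened reader, which is also a cheap sanity check to run over DNS responses captured on a segment hosting unpatchable devices.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_NAME_MAX 255   /* RFC 1035: whole name on the wire, including the root label */

/*
 * Decode the domain name at msg[off] into dotted text in out ("example.com.").
 * Returns the offset just past the name in the original stream (past the root
 * label, or past the FIRST compression pointer), or -1 if the name is bad:
 * truncated message, pointer outside the message, pointer that does not move
 * strictly backwards (covers self-loops and cycles), reserved label type,
 * name over 255 bytes, or out buffer too small. A label byte with the top two
 * bits clear is at most 63, so the RFC 1035 label limit is enforced by the
 * 0xC0 test alone.
 */
long dns_read_name(const uint8_t *msg, size_t msglen, size_t off,
                   char *out, size_t outlen)
{
    size_t pos = off, outpos = 0, total = 0;
    long end = -1;

    for (;;) {
        if (pos >= msglen) return -1;                     /* truncated */
        uint8_t len = msg[pos];

        if ((len & 0xC0) == 0xC0) {                       /* compression pointer */
            if (pos + 1 >= msglen) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (end < 0) end = (long)(pos + 2);           /* stream resumes after 1st pointer */
            if (target >= pos) return -1;                 /* forward, self or cyclic: reject */
            pos = target;
            continue;
        }
        if (len & 0xC0) return -1;                        /* 0x40 / 0x80 label types are reserved */

        if (len == 0) {                                   /* root label: done */
            if (end < 0) end = (long)(pos + 1);
            if (outpos == 0) {                            /* bare root name prints as "." */
                if (outlen < 2) return -1;
                out[outpos++] = '.';
            }
            out[outpos] = '\0';
            return end;
        }
        total += (size_t)len + 1;
        if (total + 1 > DNS_NAME_MAX) return -1;          /* +1 for the root label */
        if (pos + 1 + len > msglen) return -1;            /* label runs off the message */
        if (outpos + len + 2 > outlen) return -1;         /* label + '.' + NUL must fit */
        memcpy(out + outpos, msg + pos + 1, len);
        outpos += len;
        out[outpos++] = '.';
        pos += 1 + len;
    }
}

/* Walk every owner name in a message (questions, then all RRs) with the hardened
   reader. Returns the number of names decoded, or -1 at the first malformed one.
   RDATA is skipped, so names inside CNAME/NS/MX RDATA are not checked here. */
long dns_validate_names(const uint8_t *msg, size_t msglen)
{
    if (msglen < 12) return -1;
    unsigned qd = (unsigned)((msg[4] << 8) | msg[5]);
    unsigned rr = (unsigned)(((msg[6] << 8) | msg[7]) + ((msg[8] << 8) | msg[9]) +
                             ((msg[10] << 8) | msg[11]));
    size_t pos = 12;
    long names = 0;
    char name[DNS_NAME_MAX + 1];

    for (unsigned i = 0; i < qd; i++) {
        long next = dns_read_name(msg, msglen, pos, name, sizeof name);
        if (next < 0 || (size_t)next + 4 > msglen) return -1;
        pos = (size_t)next + 4;                           /* QTYPE + QCLASS */
        names++;
    }
    for (unsigned i = 0; i < rr; i++) {
        long next = dns_read_name(msg, msglen, pos, name, sizeof name);
        if (next < 0 || (size_t)next + 10 > msglen) return -1;
        size_t rdlen = ((size_t)msg[(size_t)next + 8] << 8) | msg[(size_t)next + 9];
        pos = (size_t)next + 10 + rdlen;                  /* TYPE, CLASS, TTL, RDLENGTH, RDATA */
        if (pos > msglen) return -1;
        names++;
    }
    return names;
}

/* Constructed sample (not captured traffic): A query for example.com with one
   answer whose owner name is "www" followed by a pointer back to offset 12. */
static const uint8_t SAMPLE_MSG[] = {
    0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, /* header */
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,           /* offset 12 */
    0x00, 0x01, 0x00, 0x01,                                              /* A, IN */
    3, 'w', 'w', 'w', 0xC0, 0x0C,                                        /* offset 29 */
    0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0E, 0x10,                      /* A, IN, TTL 3600 */
    0x00, 0x04, 192, 0, 2, 1                                             /* RDLENGTH 4, 192.0.2.1 */
};
/* Constructed malformed inputs: question name pointing at itself, a bare
   self-loop, a two-pointer cycle, and a label longer than the message. */
static const uint8_t BAD_MSG[]   = { 0x12, 0x34, 0x81, 0x80, 0x00, 0x01, 0, 0, 0, 0, 0, 0,
                                     0xC0, 0x0C, 0x00, 0x01, 0x00, 0x01 };
static const uint8_t LOOP_MSG[]  = { 0xC0, 0x00 };
static const uint8_t CYCLE_MSG[] = { 0xC0, 0x02, 0xC0, 0x00 };
static const uint8_t TRUNC_MSG[] = { 5, 'a', 'b' };

/* Helpers for checking results: decoded text plus end offset, or rejection. */
int name_is(const uint8_t *msg, size_t msglen, size_t off, const char *text, long end)
{
    char buf[DNS_NAME_MAX + 1];
    long got = dns_read_name(msg, msglen, off, buf, sizeof buf);
    if (got < 0) return end < 0;
    return got == end && strcmp(buf, text) == 0;
}
int name_rejected(const uint8_t *msg, size_t msglen, size_t off, size_t outlen)
{
    char buf[DNS_NAME_MAX + 1];
    if (outlen > sizeof buf) outlen = sizeof buf;
    return dns_read_name(msg, msglen, off, buf, outlen) == -1;
}

int main(void)
{
    char buf[DNS_NAME_MAX + 1];
    long end = dns_read_name(SAMPLE_MSG, sizeof SAMPLE_MSG, 29, buf, sizeof buf);
    printf("answer owner: %s (stream resumes at %ld)\n", buf, end);
    printf("names validated in sample: %ld\n", dns_validate_names(SAMPLE_MSG, sizeof SAMPLE_MSG));
    printf("self-referencing question rejected: %d\n", dns_validate_names(BAD_MSG, sizeof BAD_MSG) == -1);
    printf("pointer cycle rejected: %d\n", name_rejected(CYCLE_MSG, sizeof CYCLE_MSG, 2, sizeof buf));
    return 0;
}
```

The strictly-backwards rule is the important design choice: it makes the decoder terminate without a hop counter, because `pos` decreases on every pointer and can never revisit an offset. Checking the destination buffer before each `memcpy` is what separates this from the overflow pattern, where a stack copies a 63-byte label into a fixed buffer sized for the expected hostname.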


Remediation advice

All affected operating system vendors have released updates to address the NAME:WRECK vulnerabilities in their products. Affected organisations are encouraged to contact their relevant supplier and apply these patches where possible.

Because the affected stacks are embedded in a very large number of deployed devices, it is highly unlikely that updates will reach all vulnerable systems within a reasonable timeframe. Affected organisations are encouraged to consider applying the following mitigations instead:

  • Enforce suitable network segmentation, so that devices running the affected stacks cannot be reached directly from the internet or from untrusted internal networks.
  • Configure devices to use internal DNS servers where possible, so that DNS responses reach them only through a resolver the organisation controls.
  • Monitor network logs, particularly those for DNS, mDNS, and DHCP clients, as well as for external DNS traffic.

Last edited: 15 April 2021 1:28 pm