Threat Post -
A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.
Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devices in real time, then acts as a “message broker” to deliver alerts that atypical activity has been detected. EMQ’s products are used to monitor the health of patients leaving a hospital, to detect fires, monitor car systems, in smartwatches, in smart-city applications and more.
“Guardara used its technology to detect multiple issues…that caused EMQ’s NanoMQ product to crash during testing,” the company said in a press statement. “The existence of these vulnerabilities means that any NanoMQ reliant system could be brought down completely.”
Guardara CEO Mitali Rakhit told Threatpost that the vulnerability (no cve assigned) was given a CVSS score of 7.1, making it high-severity.
“How dangerous it is depends on what setting NanoMQ is used in,” Rakhit added.
The bug is caused by improper restriction of operations within the bounds of a memory buffer