100M IoT Devices Exposed By Zero-Day Bug

Threat Post -

A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.

A bug in a widely used internet-of-things (IoT) infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to attacks.

Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devices in real time, then acts as a “message broker” to deliver alerts that atypical activity has been detected. EMQ’s products are used to monitor the health of patients leaving a hospital, to detect fires, monitor car systems, in smartwatches, in smart-city applications and more.

“Guardara used its technology to detect multiple issues…that caused EMQ’s NanoMQ product to crash during testing,” the company said in a press statement. “The existence of these means that any NanoMQ reliant system could be brought down completely.”

Guardara CEO Mitali Rakhit told Threatpost that the vulnerability (no CVE assigned) was given a CVSS score of 7.1, making it high-severity.

“How dangerous it is depends on what setting NanoMQ is used in,” Rakhit added.

The bug is caused by improper restriction of operations within the bounds of a memory buffer

Read More: https://threatpost.com/100m-iot-devices-zero-day-bug/174963/