NAME:WRECK vulnerabilities could impact 100 million servers, IoT devices

Security researchers say they have uncovered nine vulnerabilities in four TCP/IP stacks that could be used to target a range of servers, medical and industrial devices.

The vulnerabilities are being grouped under the title ‘NAME:WRECK’ and were uncovered by Forescout Research Labs and JSOF Research.

The two companies said they intend to present their findings at Black Hat Asia 2021, which is early next month.

The vulnerabilities were found in the FreeBSD, Nucleus NET, IPnet and NetX TCP/IP stacks, and “relate to domain name system (DNS) implementations, causing either denial of service (DoS) or remote code execution (RCE), allowing attackers to take target devices offline or to take control over them,” Forescout Research said in a blog post.

“The widespread use of these stacks and often external exposure of vulnerable DNS clients lead to a dramatically increased attack surface. 

“This research is further indication that the community should fix DNS problems that we believe are more widespread than what we currently know.”

The researchers said that a range of devices could be targeted with the vulnerabilities, from building automation, firewalls, and network appliances, to devices in industrial control systems and ultrasound machines.

They said that all four stacks - FreeBSD, Nucleus NET and NetX - “have been recently patched, and device vendors using this software should provide their own updates to customers.”

However, the researchers also urged other mitigation strategies, including running an “open-source script that uses active fingerprinting to detect devices running the affected stacks”; isolating vulnerable devices from other parts of the network until they can be patched; and creating a “remediation plan for your vulnerable asset inventory, balancing business risk and business continuity requirements.”

The researchers said they “conservatively” estimated around 100 million devices worldwide could be vulnerable.