securityaffairs.com 7/6/2026, 11:47:18 AM · external

IoT Firmware at Risk as runZero Finds Seven FatFs Vulnerabilities

IoT Firmware at Risk as runZero Finds Seven FatFs Vulnerabilities
CyberSIXT Evidence Panel
Primary Source runzero.com

RUNZERO has identified seven significant vulnerabilities in FatFs, a filesystem library widely used in IoT and embedded devices. These flaws, affecting platforms like Espressif ESP-IDF and STMicroelectronics STM32Cube, can lead to memory corruption, crashes, and data leaks through maliciously crafted storage devices. Severity ratings range from Medium to High. Key issues include integer overflow, stack overflow, and memory corruption due to improper handling of file metadata.

Most devices using FatFs lack modern memory protections, increasing the risk of exploitation with physical access. Mirroring a 2017 audit, the security improvements were largely due to automated testing with AI tools. Six of the vulnerabilities currently have no upstream patch, necessitating device manufacturers to audit their versions of FatFs and ensure proper security responses.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline