Quote:
Originally Posted by peter_4059
Gary,
Does the vulnerability end when the device is no longer connected to the network or does it remain with any software installed to connect to the device?
Cheers,
Peter
|
Hi Peter,
In one worse case scenario, if someone had already exploited the
vulnerability of an internet facing device to get into the intranet and
then created additional back doors for themselves on other devices
such as routers or computers, then it would be a case of closing the
barn door after the horse has already bolted.
But one would have to be unlucky.
Firstly, you would need to have a device that has the Treck TCP/IP stack
installed and for it to be internet accessible. Secondly, you would have to
then be targeted before having either patched the vulnerable device or
re-configured it to no longer being internet accessible.
As JSOF noted, the supply chain for this particular stack may be complex.
One manufacturer who originally purchased the stack may in turn have
other OEM customers.