NAME:WRECK Vulnerabilities

Infosec researchers at Forescout Research Labs, in partnership with JSOF Research, have discovered a set of 9 DNS-related vulnerabilities that can potentially affect over 100 million devices across the globe. These vulnerabilities were grouped under the NAME:WRECK designation. They stem from the way several popular TCP/IP stacks handle DNS requests.

DNS, or the Domain Name System, is an integral part of the way we use the Internet and, more specifically, how we find and open websites. Instead of requiring us to memorize the numeric IP address of each website we would like to visit, DNS matches the user-friendly website names we know with the actual IP addresses. The NAME:WRECK vulnerabilities are related to TCP/IP stacks, which are small libraries that are nonetheless essential for any device that requires Internet connectivity or other networking functionality such as DNS queries. Exploiting the newly discovered weaknesses can potentially allow threat actors to gain control over the exposed devices or command them to shut down.


The NAME:WRECK group of vulnerabilities was found in four popular TCP/IP stacks - FreeBSD, IPnet, Nucleus NET, and NetX:

  • FreeBSD is commonly used in firewalls, commercial network appliances, and multiple open-source projects. The devices that usually run FreeBSD include networking equipment, printers, and computer systems.
  • IPnet is often found on network-connected devices such as printers, routers, firewalls, modems, and medical and industrial equipment.
  • Nucleus NET is an RTOS (Real-Time Operating System) that, according to its official website, is used by billions of devices. Among them are medical devices such as ultrasound machines, storage systems, electronic systems used in airplanes, and more. Even though it can be assumed that the majority of these devices are not connected to the Internet, that would still leave a massive pool of potential targets for exploitation.
  • NetX is usually run as part of the Azure RTOS ThreadX. It can be found on, once again, medical devices, multiple printer models, and SoCs (Systems on a Chip).

It is quite clear that the NAME:WRECK vulnerabilities can put additional pressure on the medical sector, which is already one of the prime targets for cyber attacks, especially operations deploying ransomware.

To mitigate the potential consequences of device breaches, companies are encouraged to patch the affected versions of these TCP/IP stacks as soon as possible. FreeBSD, Nucleus NET, and NetX have already released patches addressing the issue.
