{"id":7715,"date":"2022-05-09T15:15:51","date_gmt":"2022-05-09T22:15:51","guid":{"rendered":"https:\/\/blogs.infoblox.com\/?p=7715"},"modified":"2022-05-12T13:38:17","modified_gmt":"2022-05-12T20:38:17","slug":"unpatched-dns-vulnerability-affects-many-iot-products","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/","title":{"rendered":"Unpatched DNS Vulnerability Affects Many IoT Products"},"content":{"rendered":"<p>Last week, Nozomi Networks released an advisory (tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30295\">CVE-2022-30295<\/a>) detailing a vulnerability in the DNS component of the uClibc library used in many IoT products. The vulnerability also extends to all versions of the uClibc-ng library\u2014specifically forked to support the popular OpenWRT router operating system used in home networks and across various critical infrastructure sectors. The uClibc library is used by major vendors including Linksys, Netgear, Axis, and in Linux distributions including Embedded Gentoo. The exploitable vulnerability lies in the uClibc library\u2019s implementation of predictable transaction IDs, which allows an attacker to send a \u2018poisoned\u2019 response to the device. Assuming source ports are random, the attacker now needs to flood the device with poisoned DNS \u2018responses\u2019 using every possible source port\u2014and do so before the legitimate DNS response is received. Here&#8217;s a link to the Infoblox Knowledge Base document regarding this vulnerability: <a href=\"https:\/\/community.infoblox.com\/t5\/trending-kb-articles\/infoblox-products-not-vulnerable-to-uclibc-and-uclibc-ng-issues\/ba-p\/24064\">Infoblox products not vulnerable to uClibc and uClibc-ng issues<\/a>.<\/p>\n<p>Yay! Another as-yet-unpatched vulnerability. What\u2019s the impact? 
An attacker can exploit the vulnerability to conduct DNS poisoning or DNS spoofing (in certain circumstances) to redirect the victim (router\/embedded device) to a malicious domain under the attacker\u2019s control rather than the legitimate domain infrastructure. DNS cache poisoning has been both a widely known attack and an attack enabler since the \u201890s. So what is DNS cache poisoning?<\/p>\n<p>When a computer or other device requests the IP address for intra\/internet destinations from a DNS server, the resolved address is stored in short-term cache memory to speed up subsequent queries for the same destination. For instance, suppose you\u2019re the first person in your office out of 100 employees on Monday morning. You grab your morning go-juice of choice, fire up your computer, and check Google for where you can get the best price on something you saw over the weekend. Your computer requests the upstream DNS servers to provide the current IP address for Google, and subsequently, whatever website you click on. Now, imagine every employee does the same thing, times 100. Your computer and the DNS server\/router store the resultant information in local memory so that when your coworkers also search Google for [whatever], the network already has the answer rather than sending 100 requests to the internet for the same IP address. Network optimization at its finest.<\/p>\n<p>However, when this vulnerability is exploited, that locally cached answer for any\/all domains can be \u2018poisoned\u2019 such that a request for Google\u2019s IP address (or any internet destination) could in fact be overwritten to point to a malicious domain. (See Figure 1.) But wouldn\u2019t you know immediately? As a user, not necessarily. Malicious domains can be set up to deliver additional malware via browser exploits that give them more access to your network, or they can conduct man-in-the-middle attacks to intercept all your internet traffic. 
While attackers may not be interested in your shopping habits, imagine if you were visiting your financial institution to make sure you have enough money to buy that designer coffee table you found. They could intercept your login credentials and steal your money.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7716 size-full\" src=\"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/DNS-cache-poisoning.png\" alt=\"\" width=\"891\" height=\"493\" srcset=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-cache-poisoning.png 891w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-cache-poisoning-300x166.png 300w, https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/DNS-cache-poisoning-768x425.png 768w\" sizes=\"auto, (max-width: 891px) 100vw, 891px\" \/><\/p>\n<p style=\"text-align: center;\"><strong>Figure 1, DNS Cache Poisoning<\/strong><\/p>\n<p>While the potential impact is difficult to assess, whether it be to the individual or to the organization, one thing is certain: we want to keep unauthorized threat actors out of our networks. Given the state of many organizational networks, the common use of <a href=\"https:\/\/www.infoblox.com\/products\/advanced-dns-protection\/\">enterprise-grade DNS servers<\/a> leveraging DNSSEC would render this attack vector largely ineffective. However, many home networks that utilize SOHO retail router access points are not as robust, which makes this vulnerability more impactful. Home networks are very susceptible to a litany of attacks, and for the work-from-anywhere (WFA) employee, this introduces additional risks to organizational systems operating on these home networks. Enterprise managers need to ensure they\u2019re leveraging an organizationally configured protective DNS solution (i.e. 
<a href=\"https:\/\/www.infoblox.com\/products\/bloxone-threat-defense\/\">BloxOne Threat Defense<\/a> Cloud Resolver) and logging DNS queries\/responses from WFA devices.<\/p>\n<p>In summary, the technique is not new and is relatively easy to thwart: implement DNSSEC on enterprise DNS servers and leverage a protective DNS solution to stop resolution to malicious domains. As always, if you have any questions specific to your organization\u2019s susceptibility to this vulnerability or any other DNS-related questions, we invite you to contact your account team.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week, Nozomi Networks released an advisory (tracked as CVE-2022-30295) detailing a vulnerability in the DNS component of uClibc library used in many IoT products. The vulnerability also extends to all versions of the uClibc-ng library\u2014specifically forked to support the popular OpenWRT router operating system used in home networks and across various critical infrastructure sectors. 
[&hellip;]<\/p>\n","protected":false},"author":372,"featured_media":2544,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[691,692,360,234,693,694],"class_list":{"0":"post-7715","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-nozomi","9":"tag-cve-2022-30295","10":"tag-dns-security","11":"tag-iot","12":"tag-uclibc","13":"tag-dns-vulnerability","14":"entry"},"acf":[],"yoast_head_json":{"title":"Unpatched DNS Vulnerability Affects Many IoT Products","description":"Unpatched DNS Vulnerability Affects Many IoT Products. Last week, Nozomi Networks released an advisory (tracked as CVE-2022-30295) detailing a vulnerability in the DNS component of uClibc library used in many IoT products. The vulnerability also extends to all versions of the uClibc-ng library\u2014specifically forked to support the popular OpenWRT router operating system used in home networks and across various critical infrastructure sectors. The uClibc library is used by major vendors including Linksys, Netgear, Axis, and in Linux distributions including Embedded Gentoo. The exploitable vulnerability lies in the uClibc library\u2019s implementation of predictable transaction IDs which allows an attacker to send a \u2018poisoned\u2019 response to the device. 
Assuming source ports are random, the attacker now needs to flood the device with poisoned DNS \u2018responses\u2019 using every possible source port\u2014and do so before the legitimate DNS response is received.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/","og_locale":"en_US","og_type":"article","og_title":"Unpatched DNS Vulnerability Affects Many IoT Products","og_description":"Unpatched DNS Vulnerability Affects Many IoT Products. Last week, Nozomi Networks released an advisory (tracked as CVE-2022-30295) detailing a vulnerability in the DNS component of uClibc library used in many IoT products. The vulnerability also extends to all versions of the uClibc-ng library\u2014specifically forked to support the popular OpenWRT router operating system used in home networks and across various critical infrastructure sectors. The uClibc library is used by major vendors including Linksys, Netgear, Axis, and in Linux distributions including Embedded Gentoo. The exploitable vulnerability lies in the uClibc library\u2019s implementation of predictable transaction IDs which allows an attacker to send a \u2018poisoned\u2019 response to the device. 
Assuming source ports are random, the attacker now needs to flood the device with poisoned DNS \u2018responses\u2019 using every possible source port\u2014and do so before the legitimate DNS response is received.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/","og_site_name":"Infoblox Blog","article_published_time":"2022-05-09T22:15:51+00:00","article_modified_time":"2022-05-12T20:38:17+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ThinkstockPhotos-511475207-1-1.jpg","type":"image\/jpeg"}],"author":"Chris Usserman","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Chris Usserman","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/"},"author":{"name":"Chris Usserman","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/452e3a61b52da93ac695eb062398c066"},"headline":"Unpatched DNS Vulnerability Affects Many IoT Products","datePublished":"2022-05-09T22:15:51+00:00","dateModified":"2022-05-12T20:38:17+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/"},"wordCount":722,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ThinkstockPhotos-511475207-1-1.jpg","keywords":["Nozomi","CVE-2022-30295","DNS Security","IoT","uClibc","DNS 
vulnerability"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/","url":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/","name":"Unpatched DNS Vulnerability Affects Many IoT Products","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ThinkstockPhotos-511475207-1-1.jpg","datePublished":"2022-05-09T22:15:51+00:00","dateModified":"2022-05-12T20:38:17+00:00","description":"Unpatched DNS Vulnerability Affects Many IoT Products. Last week, Nozomi Networks released an advisory (tracked as CVE-2022-30295) detailing a vulnerability in the DNS component of uClibc library used in many IoT products. The vulnerability also extends to all versions of the uClibc-ng library\u2014specifically forked to support the popular OpenWRT router operating system used in home networks and across various critical infrastructure sectors. The uClibc library is used by major vendors including Linksys, Netgear, Axis, and in Linux distributions including Embedded Gentoo. The exploitable vulnerability lies in the uClibc library\u2019s implementation of predictable transaction IDs which allows an attacker to send a \u2018poisoned\u2019 response to the device. 
Assuming source ports are random, the attacker now needs to flood the device with poisoned DNS \u2018responses\u2019 using every possible source port\u2014and do so before the legitimate DNS response is received.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ThinkstockPhotos-511475207-1-1.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/ThinkstockPhotos-511475207-1-1.jpg","width":660,"height":454,"caption":"Security Tools are Enough to Rapidly Respond to Threats. Think Again!"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/unpatched-dns-vulnerability-affects-many-iot-products\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Unpatched DNS Vulnerability Affects Many IoT 
Products"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/452e3a61b52da93ac695eb062398c066","name":"Chris Usserman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_372_1652132654-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_372_1652132654-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_372_1652132654-96x96.jpg","caption":"Chris Usserman"},"description":"Chris Usserman advises government agencies globally about the benefits of protective DNS and related regulations. His expertise, spanning over 30 years in the U.S. intelligence community, not only contributes to the U.S. Government's security efforts but also fosters collaborations to bolster security across various sectors and communities of interest. 
Chris's profound insights have earned him invitations to speak on DNS and cybersecurity at numerous esteemed international conferences.","url":"https:\/\/www.infoblox.com\/blog\/author\/chris-usserman\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/372"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=7715"}],"version-history":[{"count":5,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7715\/revisions"}],"predecessor-version":[{"id":7721,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/7715\/revisions\/7721"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/2544"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=7715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=7715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=7715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}