Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps Researchers

Published: 23/11/2024   Category: security




The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers warn.



After months of work by industrial control systems (ICS) cybersecurity teams, a fix for a widespread Domain Name System (DNS) poisoning bug still hasn't been found. Now they're asking for help from the wider cybersecurity community.
A blog post from a team of ICS analysts at Nozomi Networks explained the flaw exists in all versions of the widely used C standard library for Internet of Things (IoT) gear called uClibc, as well as uClibc-ng, which is a special version for OpenWRT, a common OS for routers deployed throughout various critical infrastructure sectors.
As such, the bug exists in big name-brand products from Linksys, Netgear, and Axis, and in Linux distributions such as Embedded Gentoo. Since January, the vulnerability has been disclosed to 200+ vendors, and it likely affects millions of installed devices.
Additional specifics on the devices affected aren't being provided publicly because the DNS bug is still unpatched, but Nozomi provided details on the bug and its exploitability after the library's maintainer was unable to develop a fix — in hopes of soliciting help from the community.
The impact of an exploit could be significant: "Because of its relevance, DNS can be a valuable target for attackers," the research team explained in the post. "In a DNS poisoning attack, an attacker is able to deceive a DNS client into accepting a forged response, thus inducing a certain program into performing network communications with an arbitrarily defined endpoint, and not the legitimate one."
Once successful, the attacker could alter or intercept network traffic to compromise connected devices, the team said.  
"A DNS poisoning attack enables subsequent Man-in-the-Middle attacks because the attacker, by poisoning DNS records, is capable of rerouting network communications to a server under their control," the Nozomi team warned. "The attacker could then steal and/or manipulate information transmitted by users, and perform other attacks against those devices to completely compromise them."
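The article describes poisoning as getting a DNS client to accept a forged response. The C example below is added here for illustration and is not code from uClibc, Nozomi, or the article, nor a fix for the unpatched bug, whose root cause the article does not give. It shows the acceptance checks a stub resolver generally applies before trusting a reply (the measures discussed in RFC 5452); the struct, function names, and sample values are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* State a stub resolver keeps for one outstanding query (hypothetical names). */
struct pending_query {
    uint16_t id;              /* transaction ID sent in the query header */
    uint32_t server_ip;       /* resolver the query was sent to */
    uint16_t server_port;     /* resolver port, normally 53 */
    uint16_t local_port;      /* source port used for this query */
    const uint8_t *question;  /* wire-format QNAME + QTYPE + QCLASS */
    size_t question_len;
};

enum verdict { ACCEPT, BAD_PEER, BAD_LENGTH, NOT_RESPONSE, BAD_ID, BAD_QUESTION };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decide whether a received datagram may be treated as the answer to q. */
enum verdict check_response(const struct pending_query *q, const uint8_t *pkt,
                            size_t len, uint32_t src_ip, uint16_t src_port,
                            uint16_t dst_port)
{
    if (src_ip != q->server_ip || src_port != q->server_port ||
        dst_port != q->local_port)
        return BAD_PEER;                       /* wrong address or port pair */
    if (len < 12 + q->question_len)
        return BAD_LENGTH;                     /* DNS header is 12 bytes */
    if (!(pkt[2] & 0x80))
        return NOT_RESPONSE;                   /* QR bit must be set */
    if (rd16(pkt) != q->id)
        return BAD_ID;                         /* transaction ID mismatch */
    if (rd16(pkt + 4) != 1 ||
        memcmp(pkt + 12, q->question, q->question_len) != 0)
        return BAD_QUESTION;                   /* must echo our one question */
    return ACCEPT;
}

/* Constructed sample: response header + question for example.com A IN. */
enum verdict run_sample(uint16_t resp_id, uint16_t dst_port, uint8_t qtype)
{
    static const uint8_t question[] = { 7,'e','x','a','m','p','l','e',
                                        3,'c','o','m',0, 0,1, 0,1 };
    struct pending_query q = { 0x3a7c, 0xC0000235u, 53, 40211, question, sizeof question };
    uint8_t pkt[12 + sizeof question] = { 0 };
    pkt[0] = (uint8_t)(resp_id >> 8); pkt[1] = (uint8_t)(resp_id & 0xff);
    pkt[2] = 0x81; pkt[3] = 0x80; pkt[5] = 1;   /* QR=1, RD, RA; QDCOUNT=1 */
    memcpy(pkt + 12, question, sizeof question);
    pkt[12 + 14] = qtype;                       /* low byte of QTYPE */
    return check_response(&q, pkt, sizeof pkt, 0xC0000235u, 53, dst_port);
}
```

These checks only raise the cost of forgery when the transaction ID and source port are chosen unpredictably for each query, so they are worth auditing together with the resolver's random number source.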
