RunZero discloses seven unpatched FatFs filesystem flaws in embedded devices
Source headline: Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices
Intelligence Summary
Security firm runZero disclosed seven vulnerabilities in FatFs, a filesystem library used to read and write FAT and exFAT media. FatFs is commonly embedded in firmware across many device types, including security cameras, drones, industrial controllers, and crypto wallets. Because the flaws are currently unpatched in deployed code, devices that parse removable storage could be exposed to crashes or potentially malicious behavior. The impact depends on how integrators use FatFs and whether they process untrusted FAT/exFAT data from USB or SD cards. Vendors and device builders should identify affected firmware versions and plan mitigations such as patching, input validation, and restricting removable media access.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.