A series of vulnerabilities in VxWorks—a real-time operating system (RTOS) that has been in use since the late 1980s—could leave up to 200 million modems, routers, firewalls, printers, and industrial and medical devices open to exploit.
These vulnerabilities aren’t theoretical—the exploits have been demonstrated—and many of the affected devices haven’t been touched or actively managed in years. Further complicating the matter is that many organizations don’t know whether they’ve got VxWorks devices on their networks in the first place (though an OS discovery scan would be a quick way to tell).
Only certain versions of VxWorks are affected, however. VxWorks maintainer Wind River has published a list of FAQs with guidance for remediation.
Read more here.