Bottom line: Seven disclosed vulnerabilities in a widely used filesystem library endanger millions of embedded devices, and no patches are available.
The security company runZero has documented and disclosed seven vulnerabilities in FatFs, a compact filesystem library that is built into millions of embedded devices such as surveillance cameras, drones, and industrial controllers. FatFs enables devices to read and write the FAT and exFAT formats used on USB drives and SD cards.
The significance of these vulnerabilities lies in the widespread deployment of FatFs. The library is embedded in the firmware of security cameras, drones, industrial controllers, hardware crypto wallets, and other microcontroller-based devices. Attackers could potentially exploit these vulnerabilities to inject code via manipulated storage media or to crash devices.
For CISOs, this represents a significant risk, as many of these devices are deployed in critical infrastructure or at the network perimeter. Patches are not yet available, which is why a detailed inventory of all devices with FatFs firmware and an evaluation of exposure is required. Depending on the criticality of the affected systems, mitigation measures such as network segmentation or monitoring of suspicious storage media should be considered.
Source: thehackernews.com · Published July 3, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.