<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Embedded-Systems - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/embedded-systems/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 20:24:37 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/embedded-systems/feed.xml" rel="self" type="application/rss+xml"/><item><title>CVE-2026-14606 — Stack-Based Buffer Overflow in RT-Thread CAN_Receive</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14606-rt-thread/</link><pubDate>Fri, 03 Jul 2026 20:24:37 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14606-rt-thread/</guid><description>A stack-based buffer overflow vulnerability (CVE-2026-14606) exists in RT-Thread versions up to 5.0.2, specifically in the `CAN_Receive` function of the SWM341 CAN Handler component, allowing for local exploitation via manipulation, with a public exploit available.</description><content:encoded><![CDATA[<p>A critical security flaw, identified as CVE-2026-14606, has been discovered within versions of RT-Thread up to and including 5.0.2. This vulnerability specifically impacts the <code>CAN_Receive</code> function, located in the <code>bsp/synwit/libraries/SWM341_CSL/CMSIS/DeviceSupport/SWM341.h</code> library, which is part of the SWM341 CAN Handler component. Attackers can trigger a stack-based buffer overflow by performing a specific manipulation, which requires local access to the affected device. While local access is a prerequisite, the exploit code has been publicly released, significantly lowering the bar for malicious actors to leverage this flaw. The vendor, RT-Thread, was reportedly notified prior to public disclosure but has not yet provided a response or patch. This vulnerability is significant for organizations using RT-Thread in embedded systems, particularly in IoT and industrial control environments, as successful exploitation could lead to arbitrary code execution or denial of service.</p>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-14606 would result in a stack-based buffer overflow, potentially leading to arbitrary code execution or a denial of service on affected RT-Thread devices. Given that the vulnerability requires local access, the primary risk lies in scenarios where an attacker has already compromised the device through other means or has physical access. The public availability of exploit code increases the likelihood of widespread exploitation once initial access is gained. Organizations utilizing RT-Thread in critical infrastructure, IoT deployments, or embedded systems could face severe operational disruptions, data compromise, or loss of device integrity if these systems are compromised. The lack of a vendor response further exacerbates the risk, leaving users without an official patch.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-14606 immediately once a vendor-supplied update for RT-Thread &lt;= 5.0.2 becomes available.</li>
<li>Review and restrict local access privileges to devices running affected RT-Thread versions to mitigate the risk of local exploitation of CVE-2026-14606.</li>
<li>Implement strong access controls and physical security measures for devices where local access could lead to compromise via CVE-2026-14606.</li>
<li>Continuously monitor for any unauthorized process execution or system instability on RT-Thread devices that might indicate exploitation of CVE-2026-14606.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>buffer-overflow</category><category>RT-Thread</category><category>IoT</category><category>ICS</category><category>embedded-systems</category></item><item><title>CVE-2026-14605: RT-Thread Stack-based Buffer Overflow</title><link>https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14605-rt-thread-bo/</link><pubDate>Fri, 03 Jul 2026 20:23:58 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-cve-2026-14605-rt-thread-bo/</guid><description>A stack-based buffer overflow vulnerability (CVE-2026-14605) exists in the `recvmsg` function of the `ls1c CAN Handler` component within RT-Thread up to version 5.0.2, requiring local access for exploitation and having a publicly available exploit, potentially leading to high impact on confidentiality, integrity, and availability.</description><content:encoded><![CDATA[<p>A critical stack-based buffer overflow vulnerability, identified as CVE-2026-14605, has been discovered in RT-Thread, an open-source real-time operating system, affecting versions up to 5.0.2. The flaw resides specifically within the <code>recvmsg</code> function in the <code>bsp/loongson/ls1cdev/libraries/ls1c_can.h</code> library, part of the <code>ls1c CAN Handler</code> component. Exploitation of this vulnerability necessitates local access to the affected system, meaning an attacker must already have a foothold on the device. A public exploit for this vulnerability is available, increasing the likelihood of its use by malicious actors. The vendor, RT-Thread, was contacted regarding this disclosure but has not provided a response, leaving affected systems at risk. This vulnerability poses a significant threat to the confidentiality, integrity, and availability of systems utilizing affected RT-Thread versions.</p>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-14605, a stack-based buffer overflow, could lead to a complete compromise of the affected RT-Thread system. With high impact on confidentiality, integrity, and availability (CVSS 3.1 Base Score 7.8), attackers could potentially execute arbitrary code with elevated privileges, gain full control over the embedded device, or cause system instability and denial of service. Since RT-Thread is commonly used in embedded systems and IoT devices, successful exploitation could have severe consequences ranging from data exfiltration and intellectual property theft to physical disruption of critical infrastructure or industrial control systems.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately patch or update RT-Thread installations to a version beyond 5.0.2 to remediate CVE-2026-14605.</li>
<li>Restrict local access to all devices running affected RT-Thread versions as exploitation of CVE-2026-14605 requires local access.</li>
<li>Monitor for any unusual activity or process behavior on devices running RT-Thread, especially after any local access event, given the public availability of an exploit for CVE-2026-14605.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>rt-thread</category><category>buffer-overflow</category><category>cve</category><category>local-exploitation</category><category>embedded-systems</category></item></channel></rss>