These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos

Today, Talos is disclosing several vulnerabilities that have been identified in Cesanta Mongoose server.

Cesanta Mongoose is a library implementing a number of networking protocols, including HTTP, MQTT, MDNS and others. It is designed with embedded devices in mind and as such is used in many IoT devices and runs on virtually all popular IoT platforms. The small size of the software enables any Internet-connected device to function as a web server. Mongoose is available under GPL v2 and commercial licenses.

All discovered vulnerabilities are fixed in version 6.10 of the library.



Talos Group

Talos Security Intelligence & Research Group