December 16, 2020
Amnesia:33 — Is DMP Vulnerable?
By Dave Roberts
Vice President of Engineering
What is Amnesia:33?
A: Amnesia:33 is a set of 33 vulnerabilities found across four different TCP/IP software products commonly found in embedded systems and IoT devices. On December 8, researchers disclosed the set of 33 vulnerabilities, which could essentially help attackers take control of vulnerable devices on a network. Researchers report these vulnerabilities exist in products from many different vendors and affect potentially millions of devices.
What TCP/IP stacks are affected?
A: Researchers tested a total of seven commonly used TCP/IP software products and found four of them to be vulnerable to some of the 33 reported vulnerabilities. The affected TCP/IP software include uIP, picoTCP, FNET and Nut/Net. The three other TCP/IP software products tested by the researchers were found to have no vulnerabilities.
Do DMP products use any of the affected TCP/IP stacks?
A: The XT, 734N and 7400 Series keypad use one of the affected software products.
Are DMP products vulnerable to Amnesia:33?
A: DMP Engineering has evaluated each of the vulnerabilities reported by the Amnesia:33 report and has confirmed none of the reported vulnerabilities exist in any DMP product. Therefore, DMP has no vulnerability from Amnesia:33.