A security researcher with Embedi has discovered several vulnerabilities affecting the ThreadX firmware for Wi-Fi chipsets in laptops and Internet of Things (IoT) devices.
Among the flaws is a block pool overflow that can enable attackers to remotely execute code on certain devices without any user interaction (zero-click). The vulnerability affects both ThreadX and the Marvell version of this firmare, named Marvell Avastar Wi-Fi SoC.
Read more: Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution