{"id":2847,"date":"2024-03-05T10:57:32","date_gmt":"2024-03-05T09:57:32","guid":{"rendered":"https:\/\/security.humanativaspa.it\/?p=2847"},"modified":"2025-10-21T09:14:00","modified_gmt":"2025-10-21T09:14:00","slug":"multiple-vulnerabilities-in-rt-thread-rtos","status":"publish","type":"post","link":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/","title":{"rendered":"Multiple vulnerabilities in RT-Thread RTOS"},"content":{"rendered":"<blockquote><p><em>&#8220;Security is in the mind of the programmer and in the mind of the designer.<\/em><br \/>\n<em>Not so much in the code.&#8221;<\/em><br \/>\n<em>&#8212; Alisa Esage<\/em><\/p><\/blockquote>\n<h3>Summary<\/h3>\n<p>Welcome to another episode in <a href=\"https:\/\/hnsecurity.it\/ost2-zephyr-rtos-and-a-bunch-of-cves\/\">my journey<\/a> as a glorified static analysis tool for real-time operating systems!<\/p>\n<p>This time, our target of choice is <a href=\"https:\/\/www.rt-thread.io\/\">RT-Thread<\/a>, an open-source, community-based <strong>real-time operating system (RTOS)<\/strong>. RT-Thread can be used in sensing nodes, wireless connection chips, and many other resource-constrained scenarios. It is also widely applied in gateways, IPC, smart speakers, and other high-performance <strong>IoT applications<\/strong>.<\/p>\n<p>I reviewed RT-Thread&#8217;s <a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\">source code<\/a> hosted on GitHub and identified multiple\u00a0<strong>security vulnerabilities<\/strong> that may cause memory corruption and security feature bypass. Their impacts range from <strong>denial of service<\/strong>\u00a0to potential\u00a0<strong>arbitrary code execution<\/strong>.<\/p>\n<p>During the source code review I also audited the <a href=\"https:\/\/savannah.nongnu.org\/projects\/lwip\/\">lwIP<\/a> and <a href=\"https:\/\/github.com\/cxong\/tinydir\">TinyDir<\/a> codebases on which some RT-Thread functionalities depend, and found <a href=\"https:\/\/git.savannah.nongnu.org\/cgit\/lwip.git\/commit\/?id=ee1523630a81fffa6b7d93dd0c7a6191de5856cd\">some<\/a> <a href=\"https:\/\/git.savannah.nongnu.org\/cgit\/lwip.git\/commit\/?id=b413b040936f48d4cd9ed632ac579542c710efae\">additional<\/a> <a href=\"https:\/\/github.com\/cxong\/tinydir\/security\/advisories\/GHSA-jf5r-wgf4-qhxf\">vulnerabilities<\/a> that were subsequently fixed by the respective maintainers.<\/p>\n<p>My detailed\u00a0<strong>advisories<\/strong> are available here:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/hnsecurity\/vulns\/blob\/main\/HNS-2024-05-rt-thread.txt\">https:\/\/github.com\/hnsecurity\/vulns\/blob\/main\/HNS-2024-05-rt-thread.txt<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/hnsecurity\/vulns\/blob\/main\/HNS-2023-04-tinydir.txt\">https:\/\/github.com\/hnsecurity\/vulns\/blob\/main\/HNS-2023-04-tinydir.txt<\/a><\/li>\n<\/ul>\n<h3>Background<\/h3>\n<p>After my <a href=\"https:\/\/hnsecurity.it\/ost2-zephyr-rtos-and-a-bunch-of-cves\/\">recent vulnerability disclosures<\/a>, I decided to keep assisting open-source projects in the IoT space in finding and fixing security vulnerabilities by <strong>reviewing their source code<\/strong>. RT-Thread was selected as a target of interest. Other RTOSes will be featured in future <a href=\"https:\/\/github.com\/hnsecurity\/vulns\">advisories<\/a> and writeups. So, <a href=\"https:\/\/hnsecurity.it\/tag\/iot\/\">stay tuned<\/a>.<\/p>\n<p>During this review, I made use of my <a href=\"https:\/\/hnsecurity.it\/semgrep-ruleset-for-c-c-vulnerability-research\/\">Semgrep C\/C++ ruleset<\/a>\u00a0to identify hotspots in code on which to focus my attention. I also took advantage of this opportunity to\u00a0<a href=\"https:\/\/hnsecurity.it\/big-update-to-my-semgrep-c-cpp-ruleset\/\">improve and update<\/a>\u00a0the ruleset.<\/p>\n<h3>Vulnerabilities<\/h3>\n<p>The\u00a0<strong>vulnerabilities<\/strong>\u00a0resulting from my source code review are:<\/p>\n<ul>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8271\">CVE-2024-24335<\/a> &#8211; Buffer overflow in RT-Thread dfs_v2 romfs filesystem<\/li>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8282\">CVE-2024-24334<\/a> &#8211; Heap buffer overflows in RT-Thread dfs_v2 dfs_file<\/li>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8283\">CVE-2024-25389<\/a> &#8211; Weak random source in RT-Thread rt_random driver<\/li>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8285\">CVE-2024-25388<\/a> &#8211; Heap buffer overflow in RT-Thread wlan driver<\/li>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8286\">CVE-2024-25390<\/a> &#8211; Heap buffer overflows in RT-Thread finsh<\/li>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8287\">CVE-2024-25391<\/a> &#8211; Stack buffer overflow in RT-Thread IPC<\/li>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8288\">CVE-2024-25393<\/a> &#8211; Stack buffer overflow in RT-Thread AT server<\/li>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8289\">CVE-2024-25395<\/a> &#8211; Static buffer overflow in RT-Thread rt-link utility<\/li>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8290\">CVE-2024-25392<\/a> &#8211; Out-of-bounds static array access in RT-Thread var_export utility<\/li>\n<li><a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8291\">CVE-2024-25394<\/a> &#8211; Multiple vulnerabilities in RT-Thread ymodem utility<\/li>\n<li>Use of <a href=\"https:\/\/git.savannah.nongnu.org\/cgit\/lwip.git\/commit\/?id=ee1523630a81fffa6b7d93dd0c7a6191de5856cd\">outdated<\/a> <a href=\"https:\/\/git.savannah.nongnu.org\/cgit\/lwip.git\/commit\/?id=b413b040936f48d4cd9ed632ac579542c710efae\">lwIP<\/a> and <a href=\"https:\/\/github.com\/hnsecurity\/vulns\/blob\/main\/HNS-2023-04-tinydir.txt\">TinyDir<\/a> dependencies in RT-Thread<\/li>\n<\/ul>\n<p>For additional information about these\u00a0<strong>vulnerabilities<\/strong>\u00a0and their\u00a0<strong>fixes<\/strong>, please refer to the detailed\u00a0<a href=\"https:\/\/github.com\/hnsecurity\/vulns\/blob\/main\/HNS-2024-05-rt-thread.txt\">advisory<\/a>.<\/p>\n<p>Since a few months, I&#8217;ve started to consistently keep track of my research efforts using the excellent <a href=\"https:\/\/xwavesoft.com\/be-focused-pro-for-iphone-ipad-mac-os-x.html\">Be Focused<\/a> pomodoro timer app. Therefore, I know that it took me about <strong>32 hours<\/strong> to complete this project (not including the time spent for the disclosure process).<\/p>\n<figure id=\"attachment_3019\" aria-describedby=\"caption-attachment-3019\" style=\"width: 819px\" class=\"wp-caption aligncenter\"><img decoding=\"async\" class=\"wp-image-3019 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/01\/Screenshot-2024-01-27-at-11.09.29-1.png\" alt=\"\" width=\"819\" height=\"408\" srcset=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/01\/Screenshot-2024-01-27-at-11.09.29-1.png 819w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/01\/Screenshot-2024-01-27-at-11.09.29-1-300x149.png 300w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/01\/Screenshot-2024-01-27-at-11.09.29-1-768x383.png 768w, https:\/\/hnsecurity.it\/wp-content\/uploads\/2024\/01\/Screenshot-2024-01-27-at-11.09.29-1-350x174.png 350w\" sizes=\"(max-width: 819px) 100vw, 819px\" \/><figcaption id=\"caption-attachment-3019\" class=\"wp-caption-text\">A nice graph that shows I was busy dealing with other stuff between September and October<\/figcaption><\/figure>\n<h3>Disclosure and fixes<\/h3>\n<p>I reported the vulnerabilities discussed in this article to RT-Thread in November 2023, by opening <a href=\"https:\/\/github.com\/search?o=desc&amp;q=author%3A0xdea+rt-thread&amp;s=created&amp;type=issues\">issues<\/a> on GitHub <a href=\"https:\/\/github.com\/RT-Thread\/rt-thread\/issues\/8250\">as directed<\/a> by the maintainers. Following my <a href=\"https:\/\/www.cve.org\/ReportRequest\/ReportRequestForNonCNAs\">request<\/a>, MITRE assigned <strong>CVE IDs<\/strong> to all vulnerabilities in February 2024.<\/p>\n<p>RT-Thread developers have fixed some of the vulnerabilities discussed in this advisory. However, some of the reported vulnerabilities are still open. Even though not all vulnerabilities were fixed, I decided to go ahead with public disclosure after about 90 days since the initial reports. This decision was taken mainly based on the fact that the <strong>vulnerability reports were already publicly accessible<\/strong> as GitHub issues.<\/p>\n<p>The detailed coordinated disclosure <strong>timeline<\/strong> follows:<\/p>\n<ul>\n<li>2023-11-12: Asked on GitHub how to report potential security issues.<\/li>\n<li>2023-11-13: RT-Thread founder replied to open issues directly on GitHub.<\/li>\n<li>2023-11-20: Opened the first issue on GitHub.<\/li>\n<li>2023-11-24: First vulnerability fixed; reported some other vulnerabilities.<\/li>\n<li>2023-11-28: Second (and third) vulnerability fixed.<\/li>\n<li>2023-12-24: Asked maintainers for updates.<\/li>\n<li>2024-01-17: Requested the first batch of CVE IDs from MITRE.<\/li>\n<li>2024-01-26: Informed maintainers of plan to publish advisory in February.<\/li>\n<li>2024-02-02: Requested the second batch of CVE IDs from MITRE.<\/li>\n<li>2024-02-07: CVE IDs for all reported vulnerabilities assigned by MITRE.<\/li>\n<li>2024-02-08: Communicated CVE IDs and new 2024-03-05 publication date.<\/li>\n<li>2024-02-18: Maintainers acknowledge publication date and inform about new fixes.<\/li>\n<li>2024-03-05: Published advisory and writeup.<\/li>\n<\/ul>\n<p>Please check the official RT-Thread channels for further information about fixes.<\/p>\n<h3>Acknowledgments<\/h3>\n<p>I would like to thank RT-Thread, lwIP, and TinyDir developers for the time dedicated to triaging the reported vulnerabilities. I would also like to thank MITRE for assigning CVE IDs upon my request.<\/p>\n<h3>Plug<\/h3>\n<p>You should submit an article to <a href=\"http:\/\/phrack.org\/\">Phrack<\/a>! Clicky-clicky \ud83e\uddd1\u200d\ud83d\udcbb<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">You should write an article for Phrack #71 !! I hear it&#39;s coming out by summer time. \ud83d\udc40<\/p>\n<p>Let&#39;s open the windows and get some phresh air back into the scene.<\/p>\n<p>If you&#39;ve got a story to tell, you should send it in by April 1st and keep the vibe going. \ud83d\ude42<a href=\"https:\/\/t.co\/Zc77uUWgvR\">https:\/\/t.co\/Zc77uUWgvR<\/a> <a href=\"https:\/\/t.co\/Q44xnCkug0\">pic.twitter.com\/Q44xnCkug0<\/a><\/p>\n<p>&mdash; Battle Programmer Yuu (@netspooky) <a href=\"https:\/\/twitter.com\/netspooky\/status\/1745260034966126946?ref_src=twsrc%5Etfw\">January 11, 2024<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Security is in the mind of the programmer and in the mind of the designer. Not so much in the [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":159951,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[81],"tags":[149,162,193,75,82,116,117],"class_list":["post-2847","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerabilities","tag-iot","tag-semgrep","tag-rt-thread","tag-advisory","tag-vulnerability-research","tag-c-c","tag-code-review"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HN Security - Multiple vulnerabilities in RT-Thread RTOS -<\/title>\n<meta name=\"description\" content=\"Coordinated disclosure writeup about multiple vulnerabilities in RT-Thread RTOS (10 CVEs).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HN Security - Multiple vulnerabilities in RT-Thread RTOS -\" \/>\n<meta property=\"og:description\" content=\"Coordinated disclosure writeup about multiple vulnerabilities in RT-Thread RTOS (10 CVEs).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/\" \/>\n<meta property=\"og:site_name\" content=\"HN Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-05T09:57:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-21T09:14:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RT-THREAD.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marco Ivaldi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hnsec\" \/>\n<meta name=\"twitter:site\" content=\"@hnsec\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marco Ivaldi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/\"},\"author\":{\"name\":\"Marco Ivaldi\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\"},\"headline\":\"Multiple vulnerabilities in RT-Thread RTOS\",\"datePublished\":\"2024-03-05T09:57:32+00:00\",\"dateModified\":\"2025-10-21T09:14:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/\"},\"wordCount\":766,\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RT-THREAD.jpg\",\"keywords\":[\"iot\",\"semgrep\",\"rt-thread\",\"advisory\",\"vulnerability research\",\"c\\\/c++\",\"code review\"],\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/\",\"name\":\"HN Security - Multiple vulnerabilities in RT-Thread RTOS -\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RT-THREAD.jpg\",\"datePublished\":\"2024-03-05T09:57:32+00:00\",\"dateModified\":\"2025-10-21T09:14:00+00:00\",\"description\":\"Coordinated disclosure writeup about multiple vulnerabilities in RT-Thread RTOS (10 CVEs).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RT-THREAD.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/RT-THREAD.jpg\",\"width\":1600,\"height\":836,\"caption\":\"RT-Thread logo\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/multiple-vulnerabilities-in-rt-thread-rtos\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Multiple vulnerabilities in RT-Thread RTOS\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"name\":\"HN Security\",\"description\":\"Offensive Security Specialists\",\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\",\"name\":\"HN Security\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"width\":696,\"height\":696,\"caption\":\"HN Security\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/hnsec\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hnsecurity\\\/\",\"https:\\\/\\\/github.com\\\/hnsecurity\",\"https:\\\/\\\/infosec.exchange\\\/@hnsec\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\",\"name\":\"Marco Ivaldi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"caption\":\"Marco Ivaldi\"},\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/author\\\/marco-ivaldi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HN Security - Multiple vulnerabilities in RT-Thread RTOS -","description":"Coordinated disclosure writeup about multiple vulnerabilities in RT-Thread RTOS (10 CVEs).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/","og_locale":"it_IT","og_type":"article","og_title":"HN Security - Multiple vulnerabilities in RT-Thread RTOS -","og_description":"Coordinated disclosure writeup about multiple vulnerabilities in RT-Thread RTOS (10 CVEs).","og_url":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/","og_site_name":"HN Security","article_published_time":"2024-03-05T09:57:32+00:00","article_modified_time":"2025-10-21T09:14:00+00:00","og_image":[{"width":1600,"height":836,"url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RT-THREAD.jpg","type":"image\/jpeg"}],"author":"Marco Ivaldi","twitter_card":"summary_large_image","twitter_creator":"@hnsec","twitter_site":"@hnsec","twitter_misc":{"Scritto da":"Marco Ivaldi","Tempo di lettura stimato":"4 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/#article","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/"},"author":{"name":"Marco Ivaldi","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f"},"headline":"Multiple vulnerabilities in RT-Thread RTOS","datePublished":"2024-03-05T09:57:32+00:00","dateModified":"2025-10-21T09:14:00+00:00","mainEntityOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/"},"wordCount":766,"publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RT-THREAD.jpg","keywords":["iot","semgrep","rt-thread","advisory","vulnerability research","c\/c++","code review"],"articleSection":["Vulnerabilities"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/","url":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/","name":"HN Security - Multiple vulnerabilities in RT-Thread RTOS -","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/#primaryimage"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RT-THREAD.jpg","datePublished":"2024-03-05T09:57:32+00:00","dateModified":"2025-10-21T09:14:00+00:00","description":"Coordinated disclosure writeup about multiple vulnerabilities in RT-Thread RTOS (10 CVEs).","breadcrumb":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/#primaryimage","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RT-THREAD.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RT-THREAD.jpg","width":1600,"height":836,"caption":"RT-Thread logo"},{"@type":"BreadcrumbList","@id":"https:\/\/hnsecurity.it\/it\/blog\/multiple-vulnerabilities-in-rt-thread-rtos\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hnsecurity.it\/it\/"},{"@type":"ListItem","position":2,"name":"Multiple vulnerabilities in RT-Thread RTOS"}]},{"@type":"WebSite","@id":"https:\/\/hnsecurity.it\/it\/#website","url":"https:\/\/hnsecurity.it\/it\/","name":"HN Security","description":"Offensive Security Specialists","publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hnsecurity.it\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/hnsecurity.it\/it\/#organization","name":"HN Security","url":"https:\/\/hnsecurity.it\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","width":696,"height":696,"caption":"HN Security"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/hnsec","https:\/\/www.linkedin.com\/company\/hnsecurity\/","https:\/\/github.com\/hnsecurity","https:\/\/infosec.exchange\/@hnsec"]},{"@type":"Person","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f","name":"Marco Ivaldi","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","caption":"Marco Ivaldi"},"url":"https:\/\/hnsecurity.it\/it\/blog\/author\/marco-ivaldi\/"}]}},"jetpack_featured_media_url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/RT-THREAD.jpg","_links":{"self":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/2847","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/comments?post=2847"}],"version-history":[{"count":2,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/2847\/revisions"}],"predecessor-version":[{"id":160907,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/2847\/revisions\/160907"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media\/159951"}],"wp:attachment":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media?parent=2847"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/categories?post=2847"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/tags?post=2847"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}