India, July 6 -- A USB port or SD card slot can look harmless. On embedded devices, it can be a direct path into the firmware. That is the real warning behind seven newly disclosed FatFs vulnerabilities affecting a small filesystem library used across millions of devices. Security firm runZero disclosed the flaws in FatFs, a compact C library that helps devices read and write FAT and exFAT storage. The library appears in firmware, real-time operating systems, software development kits, drones, industrial controllers, security cameras, hardware wallets, and update tools.

A key point is simple devices that automatically mount USB drives, SD cards, or update images can be exposed before users even see a single file.

FatFs sits close to the...