The JSOF research lab, a group of researchers who focus on low-level software vulnerabilities, disclosed 19 vulnerabilities they’ve named “Ripple20.” The batch affects an embedded Internet of Things (IoT) TCP/IP software library developed by Treck Inc., a developer for embedded internet protocols. This library is found in a wide array of devices from over 70 hardware vendors. When exploited, these vulnerabilities could lead to device takeover and allow an attacker to pivot from affected devices to other critical infrastructure. These vulnerabilities follow the disclosure of CVE-2020-10136, an IP-in-IP packet processing vulnerability disclosed earlier this month, which also affects IoT device TCP/IP libraries developed by Treck. Ripple20 also echoes multi-vulnerability disclosures like URGENT/11, which has continued to widen in impact over time.