Unfixable Firmware Flaw in Older Intel, Lenovo Devices Enables Potential Hacking
-
Some Intel and Lenovo products have an unfixable firmware bug that could allow hacking. The bug has existed for years and will never be patched.
-
The bug is in Lighttpd web server software used in the products' firmware. The bug was fixed in Lighttpd years ago but was never given a CVE identifier.
-
Products impacted include those deemed "end-of-life" by Intel and Lenovo so will not receive further software updates.
-
The bug severity is moderate but could help enable a more sophisticated attack by providing access to sensitive data.
-
Intel and Lenovo confirm they are aware of the issue but the affected products are end-of-life so will not be updated.