Firmware vulnerabilities in Wi-Fi adapters, USB hubs, trackpads and cameras are putting millions of peripheral devices in danger of a range of cyberattacks. A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more. Firmware-based attacks have seen a 7.5-time increase in firmware/hardware CVEs from three years ago, Eclypsium researchers say. The vulnerabilities can be harder to detect and more difficult to patch.
Source: https://threatpost.com/lenovo-hp-dell-peripherals-unpatched-firmware/152936/