CVE-2026-24801: Vulnerability in Ralim IronOS
Vulnerability in Ralim IronOS (source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules). This vulnerability is associated with program files ecc_dsa.C. This issue affects IronOS: before v2.23-rc3.
AI Analysis
Technical Summary
CVE-2026-24801 identifies a vulnerability in the Ralim IronOS firmware, specifically within the elliptic curve digital signature algorithm (ECDSA) implementation located in the tinycrypt cryptographic library used by the BLE stack components. The affected code resides in the ecc_dsa.C source files under the BLE stack common modules. This vulnerability impacts all IronOS versions prior to v2.23-rc3. The flaw allows an unauthenticated attacker with physical or network proximity to the Bluetooth interface to exploit weaknesses in the cryptographic processing, potentially leading to compromise of confidentiality and integrity of the device's operations. The CVSS 4.0 vector indicates the attack requires physical proximity (AV:P), low attack complexity (AC:L), no privileges (PR:N), no user interaction (UI:N), but results in high confidentiality and integrity impact (VC:H, VI:H), with no impact on availability. The scope is high, indicating that exploitation could affect components beyond the initially vulnerable module. No known exploits have been reported in the wild, but the vulnerability poses a risk to devices relying on IronOS, such as the Pinecilv2 soldering iron, which is popular in electronics manufacturing and repair. The vulnerability could allow attackers to intercept or manipulate cryptographic operations, potentially enabling unauthorized firmware modifications or data leakage. The absence of patches at the time of reporting emphasizes the need for vendor updates and user vigilance.
Potential Impact
For European organizations, especially those in electronics manufacturing, repair, and development sectors using Ralim IronOS-powered devices, this vulnerability could lead to unauthorized access or manipulation of device firmware and sensitive cryptographic operations. The compromise of confidentiality and integrity could result in leakage of proprietary information or sabotage of device functionality, impacting operational reliability. Given the Bluetooth-based attack vector, environments with open or poorly secured wireless access are at higher risk. Industrial and research facilities relying on Pinecilv2 or similar tools could face operational disruptions or intellectual property theft. The medium severity and lack of known exploits reduce immediate risk but do not eliminate the potential for targeted attacks, particularly in high-value environments. The impact is heightened in countries with significant electronics industries and where Ralim products have market penetration.
Mitigation Recommendations
Organizations should immediately verify the IronOS version on all Ralim devices and update to version 2.23-rc3 or later once available. Until patches are applied, restrict Bluetooth access to trusted personnel and secure physical environments to prevent proximity-based attacks. Employ network segmentation and Bluetooth device whitelisting where possible. Monitor device behavior for anomalies indicative of cryptographic manipulation or unauthorized firmware changes. Engage with Ralim for official patches and security advisories. Incorporate vulnerability scanning and firmware integrity checks into regular maintenance routines. Educate users on the risks of connecting devices in unsecured environments and enforce strict access controls. Consider disabling Bluetooth functionality if not essential for operations.
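The version check recommended above can be scripted across an inventory. The following is an added example, not code from the advisory or from the IronOS project; it assumes version strings of the form `v2.23-rc3` as quoted in the advisory, and the device labels and inventory are constructed for illustration.

```python
import re

# Fixed release named by the advisory: IronOS before v2.23-rc3 is affected.
FIXED = "v2.23-rc3"

# Assumed version format: optional "v", major.minor[.patch], optional "-rcN".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Turn 'v2.23-rc3' into a sortable tuple; raise ValueError if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, rc = m.groups()
    # A final release sorts after every release candidate of the same number,
    # so a missing -rcN suffix is ranked above any numbered candidate.
    rc_rank = int(rc) if rc is not None else float("inf")
    return (int(major), int(minor), int(patch or 0), rc_rank)


def is_affected(version, fixed=FIXED):
    """True when the version sorts strictly before the fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory):
    """Split {device: version} into affected / ok / unknown device lists."""
    result = {"affected": [], "ok": [], "unknown": []}
    for device, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "ok"
        except ValueError:
            bucket = "unknown"  # review by hand rather than assume it is patched
        result[bucket].append(device)
    return result


# Constructed sample inventory (device labels and versions are made up).
SAMPLE = {
    "bench-01": "v2.22",
    "bench-02": "v2.23-rc2",
    "bench-03": "v2.23-rc3",
    "bench-04": "v2.23",
    "bench-05": "2.21",
    "bench-06": "custom-build",
}

if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(devices) or '-'}")
```

Release candidates are compared numerically, so a plain string comparison that would rank `rc10` before `rc3` is avoided, and unparseable versions are reported separately instead of being counted as patched.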
Affected Countries
Germany, France, Netherlands, United Kingdom, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: GovTech CSG
- Date Reserved: 2026-01-27T08:18:43.268Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69787c804623b1157c108bd3
Added to database: 1/27/2026, 8:51:12 AM
Last enriched: 1/27/2026, 9:07:07 AM
Last updated: 2/7/2026, 5:55:58 PM