CVE-2026-24801 identifies a vulnerability in Ralim IronOS, an operating system used primarily in Ralim's Pinecilv2 soldering irons and potentially other embedded devices. The vulnerability is located in the ECC DSA cryptographic implementation within the BLE stack's tinycrypt source modules, specifically in the source/Core/BSP/Pinecilv2/bl_mcu_sdk/components/ble/ble_stack/common/tinycrypt/source modules, affecting versions before v2.23-rc3. The issue is classified under CWE-22, which typically involves improper handling of file paths or directory traversal, suggesting that the cryptographic module may be susceptible to manipulation or unauthorized access to sensitive cryptographic operations or keys. The CVSS 4.0 score of 6.9 (medium severity) reflects that the vulnerability can be exploited remotely (AV:P - physical proximity required), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The vulnerability impacts confidentiality and integrity (VC:H, VI:H) but not availability. The scope is high (SC:H), indicating that exploitation could affect components beyond the initially vulnerable module. No known exploits are currently reported in the wild, and no patches are linked yet, but the vendor has released IronOS v2.23-rc3 to address this issue. The vulnerability's presence in cryptographic code raises concerns about the potential for attackers to undermine secure communications or firmware validation processes within affected devices.

The vulnerability could allow attackers with physical proximity to exploit the cryptographic weakness in IronOS devices, potentially leading to unauthorized access to cryptographic keys or manipulation of cryptographic operations. This could compromise the confidentiality and integrity of data processed or stored by the device, including secure BLE communications. For organizations relying on Ralim IronOS-powered devices, especially in manufacturing, electronics repair, or development environments, this could lead to unauthorized firmware modifications, data leakage, or disruption of device functionality. While availability is not directly impacted, the loss of trust in device integrity could cause operational disruptions. The medium severity reflects a moderate risk, but the specialized nature of the devices and the requirement for physical proximity limit the scope of impact. However, in high-security environments or where these devices are integrated into critical workflows, the risk is elevated.

Organizations should immediately plan to update affected devices to IronOS version 2.23-rc3 or later once the patch is officially available. Until then, restrict physical access to devices running vulnerable versions to trusted personnel only. Implement strict inventory and monitoring of Ralim IronOS devices to detect unauthorized firmware changes or anomalous BLE activity. Employ network segmentation to isolate these devices from sensitive networks. Consider disabling BLE functionality if not required or using additional BLE security controls such as strong pairing methods and encryption. Engage with Ralim support channels for timely updates and guidance. Additionally, conduct regular firmware integrity checks and maintain a secure update process to prevent unauthorized modifications. Document and audit all device usage to quickly identify potential exploitation attempts.