Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO’s ER2000 edge routers and its cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data.
“An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and leak all customer and device information,” Claroty’s Noam Moshe said in an analysis published last week.
Vulnerabilities in 3G/4G routers could expose thousands of internal networks to severe threats, enabling bad actors to take control, intercept traffic, and even infiltrate Extended Internet of Things (XIoT) devices.
The shortcomings impacting the ConnectedIO platform versions v2.1. and prior, mainly the 4G ER2000 edge router and cloud services, could be chained, permitting attackers to execute arbitrary code on the cloud-based devices without requiring direct access to them.
Flaws have also been unearthed in the communication protocol (i.e., MQTT) used between the devices and the cloud, including the use of hard-coded authentication credentials, that could be used to register a rogue device and access MQTT messages containing device identifiers, Wi-Fi settings, SSIDs, and passwords from routers.
A consequence of the vulnerabilities is that a threat actor could not only impersonate any device of their choice using the leaked IMEI numbers, but also force them to execute arbitrary commands published via specially crafted MQTT messages.
This is made possible through a bash command with the opcode “1116,” which executes a remote command “as-is.”
“This command, which does not require any other form of authentication other than being able to write it to the correct topic, allows us to execute arbitrary commands on all devices,” Moshe explained.
“It lacks validation that the sender of the commands is actually an authorized issuer. Using this command opcode, we were able to create a payload that will result in code execution whenever it is sent to a device.”
The issues have been assigned the following CVE identifiers –
- CVE-2023-33375 (CVSS score: 8.6) – A stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices.
- CVE-2023-33376 (CVSS score: 8.6) – An argument injection vulnerability in its ip tables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
- CVE-2023-33377 (CVSS score: 8.6) – An operating system command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
- CVE-2023-33378 (CVSS score: 8.6) – An argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
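As an added illustration (not ConnectedIO’s or Claroty’s code), the following Python sketches a device-side MQTT command handler that closes the three gaps described above: each message is authenticated with a per-device key rather than a shared hard-coded credential, any opcode outside an allowlist is refused (so a raw "execute as-is" opcode such as 1116 has no handler), and the firewall command is built from typed fields instead of interpolating caller-supplied strings. The message envelope, opcode 2001 and the field names are assumptions for the example.

```python
import hashlib, hmac, json

# Constructed per-device keys. A real deployment provisions one secret per
# device instead of sharing a hard-coded credential across the fleet.
DEVICE_KEYS = {"dev-0001": b"constructed-per-device-key-0001"}

class Rejected(Exception):
    """A command message failed authentication or argument validation."""

def verify(raw: bytes, device_id: str, tag_hex: str) -> None:
    """Reject messages whose HMAC does not match the per-device key."""
    key = DEVICE_KEYS.get(device_id)
    if key is None:
        raise Rejected("unknown device")
    expected = hmac.new(key, raw, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag_hex):
        raise Rejected("bad signature")

def set_firewall(args: dict) -> list:
    """Build an iptables argv from typed fields; no shell string is ever formed."""
    if args.get("action") not in {"ACCEPT", "DROP"}:
        raise Rejected("bad action")
    if args.get("proto") not in {"tcp", "udp"}:
        raise Rejected("bad proto")
    port = args.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise Rejected("bad port")
    return ["iptables", "-A", "INPUT", "-p", args["proto"], "--dport", str(port), "-j", args["action"]]

# Hypothetical opcode allowlist; a raw "run this string" opcode has no entry.
HANDLERS = {2001: set_firewall}

def dispatch(envelope: dict) -> list:
    # envelope = {"device", "tag", "body"}; returns the argv the device may run
    raw = envelope["body"].encode()
    verify(raw, envelope["device"], envelope["tag"])
    msg = json.loads(raw)
    fn = HANDLERS.get(msg.get("opcode"))
    if fn is None:
        raise Rejected("opcode not permitted")
    return fn(msg.get("args", {}))

def sign(device_id: str, body: dict) -> dict:
    # Issuer side: serialise and tag a command for exactly one device
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(DEVICE_KEYS[device_id], raw, hashlib.sha256).hexdigest()
    return {"device": device_id, "tag": tag, "body": raw.decode()}

def outcome(envelope: dict):
    # Return the argv list, or the rejection reason as a string
    try:
        return dispatch(envelope)
    except Rejected as exc:
        return str(exc)
```

Because the argv never passes through a shell, a port value such as "23; reboot" is rejected by type before it can reach iptables, which is the class of argument injection the CVEs above describe.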
“These vulnerabilities, if exploited, could pose serious risk for thousands of companies around the world, allowing attackers to disrupt the companies’ business and production, along with giving them access to the companies’ internal networks,” Moshe said.
The disclosure comes as the company also revealed a handful of flaws in network-attached storage (NAS) devices from Synology and Western Digital that could be weaponized to impersonate and control them, as well as steal stored data and redirect users to an attacker-controlled device.
It also follows the discovery of three unpatched vulnerabilities affecting Baker Hughes’ Bently Nevada 3500 rack model that could be used to bypass the authentication process and gain complete access to the device and .
“In the most severe scenario, these flaws could allow an attacker to completely compromise the device and alter its internal configuration, potentially leading to either incorrect measurements from monitored machines, or denial-of-service attacks,” Nozomi Networks said.
Some parts of this article are sourced from:
thehackernews.com