
High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data.

"An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and leak all customer and device information," Claroty's Noam Moshe said in an analysis published last week.

Vulnerabilities in 3G/4G routers could expose thousands of internal networks to severe threats, enabling bad actors to seize control, intercept traffic, and even infiltrate Extended Internet of Things (XIoT) devices.

The shortcomings, which affect ConnectedIO platform versions v2.1.0 and prior, primarily the 4G ER2000 edge router and its cloud services, could be chained, allowing attackers to execute arbitrary code on the cloud-managed devices without requiring direct access to them.

Flaws have also been uncovered in the communication protocol (i.e., MQTT) used between the devices and the cloud, including the use of hard-coded authentication credentials, that could be used to register a rogue device and access MQTT messages containing device identifiers, Wi-Fi settings, SSIDs, and passwords from routers.


A consequence of the vulnerabilities is that a threat actor could not only impersonate any device of their choice using the leaked IMEI numbers, but also force those devices to execute arbitrary commands published via specially crafted MQTT messages.

This is made possible by a bash command with the opcode "1116," which executes a remote command "as-is."

"This command, which does not require any other form of authentication other than being able to write it to the correct topic, allows us to execute arbitrary commands on all devices," Moshe explained.

"It lacks validation that the sender of the commands is actually an authorized issuer. Using this command opcode, we were able to generate a payload that will result in code execution every time it's sent to a device."

The issues have been assigned the following CVE identifiers –

  • CVE-2023-33375 (CVSS score: 8.6) – A stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices.
  • CVE-2023-33376 (CVSS score: 8.6) – An argument injection vulnerability in its ip tables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
  • CVE-2023-33377 (CVSS score: 8.6) – An operating system command injection vulnerability in the set firewall command in a part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
  • CVE-2023-33378 (CVSS score: 8.6) – An argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.
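Three of the four CVEs are argument or command injection in messages that end up as iptables or firewall invocations. The added example below (illustrative code written for this page, not ConnectedIO's implementation, and not reconstructed from the advisories) shows the bug class in miniature: a firewall-rule message whose fields are interpolated into a shell string, beside a handler that restricts chain and action to enumerated values, parses the source address with the standard `ipaddress` module and re-serialises it, and passes the result to iptables as an argv list with no shell. The message fields (`chain`, `source`, `action`) are an assumed layout.

```python
import ipaddress
import shlex
import subprocess
from typing import Callable, List, Optional

ALLOWED_CHAINS = {"INPUT", "FORWARD"}
ALLOWED_ACTIONS = {"ACCEPT", "DROP", "REJECT"}


def vulnerable_build(message: dict) -> str:
    """Weak pattern: message fields are pasted into a command line. Any
    field that the shell or iptables parses as more than one token changes
    what actually runs. Returns the string such code would hand to a shell."""
    return f"iptables -A {message['chain']} -s {message['source']} -j {message['action']}"


def hardened_build(message: dict) -> List[str]:
    """Validate every field against its expected type, then emit an argv
    list. Nothing from the message reaches the command line unchanged."""
    chain = message.get("chain")
    action = message.get("action")
    if chain not in ALLOWED_CHAINS:
        raise ValueError(f"chain not permitted: {chain!r}")
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"action not permitted: {action!r}")
    # Parse, then re-serialise: the argv carries the canonical CIDR form,
    # never the raw string. Anything that is not a bare address/network
    # (extra tokens, option-like text) fails to parse here.
    try:
        net = ipaddress.ip_network(str(message.get("source", "")), strict=False)
    except ValueError as exc:
        raise ValueError(f"invalid source address: {exc}") from exc
    return ["iptables", "-A", chain, "-s", net.with_prefixlen, "-j", action]


def rejection_reason(message: dict) -> Optional[str]:
    """None if the message validates, otherwise why it was refused."""
    try:
        hardened_build(message)
    except ValueError as exc:
        return str(exc)
    return None


def apply_rule(message: dict,
               runner: Optional[Callable[[List[str]], object]] = None) -> List[str]:
    """Build and apply a rule. The default runner invokes iptables without a
    shell; tests inject a fake runner so nothing is executed."""
    argv = hardened_build(message)
    if runner is None:
        runner = lambda a: subprocess.run(a, check=True)  # argv list, shell=False
    runner(argv)
    return argv


def render(argv: List[str]) -> str:
    """Log-safe rendering of an argv list (quoting is for display only)."""
    return shlex.join(argv)
```

A field such as `"203.0.113.7 -j ACCEPT"` survives the vulnerable builder as extra iptables arguments, while `ipaddress.ip_network` refuses it outright; the same parse-then-reserialise step also normalises `"203.0.113.7"` to `203.0.113.7/32`, so the device never emits a rule it did not construct itself.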

"These vulnerabilities, if exploited, could pose serious risk for thousands of companies around the world, allowing attackers to disrupt the companies' business and production, along with giving them access to the companies' internal networks," Moshe said.

The disclosure comes as the company also revealed a handful of flaws in network-attached storage (NAS) devices from Synology and Western Digital that could be weaponized to impersonate and control them, as well as steal stored data and redirect users to an attacker-controlled device.

It also follows the discovery of three unpatched vulnerabilities affecting Baker Hughes' Bently Nevada 3500 rack model that could be used to bypass the authentication process and obtain full access to the device and .

"In the most severe scenario, these flaws could allow an attacker to completely compromise the device and alter its internal configuration, potentially leading to either incorrect measurements from monitored machines, or denial-of-service attacks," Nozomi Networks said.
