High severity flaws in ConnectedIO 3G/4G routers raise IoT security concerns | spcilvly

October 9, 2023 | Newsroom | IoT Vulnerability/Security


Multiple high-severity security vulnerabilities have been revealed in ConnectedIO’s ER2000 edge routers and cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data.

“An attacker could have exploited these flaws to completely compromise the cloud infrastructure, execute code remotely, and leak all client and device information,” Claroty’s Noam Moshe said in an analysis published last week.

Vulnerabilities in 3G/4G routers of this kind can expose thousands of internal networks to serious threats, allowing attackers to take control of the routers, intercept traffic, and pivot further into the extended Internet of Things (XIoT).

The flaws, which affect ConnectedIO platform versions v2.1.0 and earlier, primarily the ER2000 4G edge router and its cloud services, could be chained to execute arbitrary code on cloud-managed devices without any direct access to them.

Flaws were also found in the communication protocol (MQTT) used between the devices and the cloud, including hard-coded authentication credentials that could be used to register an unauthorized device and read MQTT messages containing device identifiers, Wi-Fi settings, SSIDs, and router passwords.

A consequence of these vulnerabilities is that a threat actor could not only impersonate any device of their choosing using the leaked IMEI numbers, but also force it to execute arbitrary commands delivered via specially crafted MQTT messages.


This is possible through a bash command with opcode “1116”, which executes the supplied remote command “as is”.

“This command, which does not require any form of authentication other than being able to type it into the correct topic, allows us to execute arbitrary commands on all devices,” Moshe explained.

“It is missing validation that the sender of the commands is actually an authorized sender. Using this command opcode, we were able to generate a payload that will result in the code being executed every time it is sent to a device.”

The issues have been assigned the following CVE identifiers:

  • CVE-2023-33375 (CVSS score: 8.6) – A stack-based buffer overflow vulnerability in the communication protocol, which allows attackers to take control of devices.
  • CVE-2023-33376 (CVSS score: 8.6) – An argument injection vulnerability in the iptables command message of the communication protocol, which allows attackers to execute arbitrary operating system commands on devices.
  • CVE-2023-33377 (CVSS score: 8.6) – An operating system command injection vulnerability in the firewall command set of the communication protocol, which allows attackers to execute arbitrary operating system commands on devices.
  • CVE-2023-33378 (CVSS score: 8.6) – An argument injection vulnerability in the AT command message of the communication protocol, which allows attackers to execute arbitrary operating system commands on devices.
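The two device-side weaknesses the page describes are an unauthenticated "run this as is" opcode (1116) and command fields that are pasted into shell strings (the iptables and AT command argument injections). The Python below is an added example, not ConnectedIO's code or Claroty's proof of concept: it models a device-side MQTT command handler in the vulnerable shape beside a hardened one. The JSON message layout, the firewall opcode 2001, the HMAC envelope, the placeholder device key and all sample messages are assumptions constructed for illustration; only the behaviour of opcode 1116 and the missing sender validation come from the page.

```python
"""Model of a device-side command handler for messages arriving on an MQTT
topic. Vulnerable form: any publisher reaches it, opcode 1116 is executed
verbatim, and fields are interpolated into shell strings. Hardened form:
per-device HMAC, device binding, replay protection, opcode allow-list and
typed argument validation, returning an argv list instead of a shell line.
Message format, opcode 2001, keys and sample traffic are constructed.
"""
import hashlib
import hmac
import ipaddress
import json
import secrets

OPCODE_RUN_SHELL = 1116   # page: runs the supplied command string as-is
OPCODE_FW_BLOCK = 2001    # assumed opcode: "drop traffic from this source IP"


def vulnerable_dispatch(raw_message: str) -> str:
    """Return the shell line the device would hand to `sh -c`.

    No sender check: whoever can publish to the topic gets here. Opcode 1116
    is passed through untouched; the firewall opcode concatenates an untrusted
    field into the command (argument injection).
    """
    msg = json.loads(raw_message)
    opcode = msg["opcode"]
    if opcode == OPCODE_RUN_SHELL:
        return msg["cmd"]
    if opcode == OPCODE_FW_BLOCK:
        # 'ip' is never validated, so "10.0.0.5 -j ACCEPT; sh" rewrites the rule
        return f"iptables -A INPUT -s {msg['ip']} -j DROP"
    raise ValueError(f"unknown opcode {opcode}")


def sign_message(body: dict, key: bytes) -> str:
    """Cloud side: wrap a command body in an HMAC-SHA256 envelope.

    The key is per device and provisioned out of band; the nonce lets the
    device refuse a captured message that is published again.
    """
    body = dict(body, nonce=secrets.token_hex(8))
    encoded = json.dumps(body, sort_keys=True)
    tag = hmac.new(key, encoded.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": encoded, "mac": tag})


def hardened_dispatch(raw_message: str, key: bytes, device_id: str,
                      seen_nonces: set) -> list:
    """Authenticate the message, then return an argv list (no shell involved)."""
    envelope = json.loads(raw_message)
    expected = hmac.new(key, envelope["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["mac"]):
        raise PermissionError("bad MAC: sender is not the authorized cloud")
    msg = json.loads(envelope["body"])
    if msg.get("device_id") != device_id:
        raise PermissionError("message is addressed to a different device")
    if msg["nonce"] in seen_nonces:
        raise PermissionError("replayed message")
    seen_nonces.add(msg["nonce"])

    opcode = msg["opcode"]
    if opcode == OPCODE_FW_BLOCK:
        # Parse as an IP address; anything with extra characters raises ValueError
        ip = ipaddress.ip_address(msg["ip"])
        return ["iptables", "-A", "INPUT", "-s", str(ip), "-j", "DROP"]
    # Opcode 1116 and anything else off the allow-list is refused outright
    raise PermissionError(f"opcode {opcode} is not permitted")


# Constructed sample traffic (placeholder key; real keys are random, per device)
DEVICE_KEY = bytes.fromhex("00" * 32)
INJECTED_IP = "10.0.0.5 -j ACCEPT; /bin/sh -c 'id'"
ATTACKER_RUN = json.dumps({"opcode": OPCODE_RUN_SHELL, "cmd": "id > /tmp/pwned"})
ATTACKER_FW = json.dumps({"opcode": OPCODE_FW_BLOCK, "ip": INJECTED_IP})

if __name__ == "__main__":
    print("vulnerable, opcode 1116 :", vulnerable_dispatch(ATTACKER_RUN))
    print("vulnerable, injected ip :", vulnerable_dispatch(ATTACKER_FW))
    seen = set()
    good = sign_message({"device_id": "er2000-001", "opcode": OPCODE_FW_BLOCK,
                         "ip": "10.0.0.5"}, DEVICE_KEY)
    print("hardened, signed        :", hardened_dispatch(good, DEVICE_KEY, "er2000-001", seen))
    for label, bad in (("unsigned", ATTACKER_FW), ("replay", good)):
        try:
            hardened_dispatch(bad, DEVICE_KEY, "er2000-001", seen)
        except (PermissionError, KeyError, ValueError) as exc:
            print(f"hardened, {label:8}: rejected ({exc})")
```

The hardened handler deliberately has no equivalent of opcode 1116: a general-purpose "run this string" command cannot be made safe by authentication alone, because a compromised cloud account would still turn every device into a shell. Building an argv list and validating each argument with a type parser (here `ipaddress`) is what closes the injection class covered by CVE-2023-33376 through CVE-2023-33378, while the MAC, device binding and nonce address the missing sender validation Claroty describes.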

“These vulnerabilities, if exploited, could pose a serious risk to thousands of companies around the world, allowing attackers to disrupt companies’ business and production, as well as giving them access to companies’ internal networks,” Moshe said.


The disclosure comes as the company also revealed a handful of flaws in network-attached storage (NAS) devices from Synology and Western Digital that could be weaponized to impersonate and control them, steal stored data, and redirect users to an attacker-controlled device.

It also follows the discovery of three unpatched vulnerabilities affecting Baker Hughes’ Bently Nevada 3500 rack model that could be used to bypass the authentication process and gain full access to the device.

“In the most severe scenario, these flaws could allow an attacker to completely compromise the device and alter its internal configuration, which could lead to incorrect measurements of monitored machines or denial of service attacks,” Nozomi Networks said.
