Researcher Dr. Aditya K. Sood has revealed at least 2 critical vulnerabilities in NetComm Wireless routers. These industrial routers are manufactured by an Australian telecommunications equipment company and are mainly used as critical infrastructure in the communications sector. According to the advisory issued by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), the affected product is the 4G LTE Light Industrial M2M Router with firmware 2.0.29.11 and prior. However, no exploits for these vulnerabilities have been found in the wild so far.
Some of the vulnerabilities that have been brought to light by the researcher are Information Exposure, Cross-site Request Forgery, Cross-site Scripting, and Information Exposure through Directory Listing. Except for the Information Exposure vulnerability, the rest of the vulnerabilities have been labeled as critical.
The Information Exposure Vulnerability [CVE-2018-14782]
This vulnerability allows an attacker to gain access to the configuration files and profiles. When exploited, it would let an unauthenticated user attack the web server of the device and steal information. CVSS deems this threat ‘high’ and gives it a score of 7.5. Although the attack complexity might be low, the severity of an attack depends on the type of information that is revealed.
Cross-site Request Forgery [CVE-2018-14783]
The vulnerability has been labeled as critical and allows a remote attacker to bypass a token-based mechanism and gain access to the web interface password of the router.
Cross-site Scripting [CVE-2018-14784]
The CVSS rating of this vulnerability is 9.8, and its severity is deemed critical. The flaw is caused by improper neutralization of input while the web page loads. It is possible for an attacker to load arbitrary code on the device. Such code can result in the theft of session information, or other malicious code can be executed.
Information Exposure through Directory Listing [CVE-2018-14785]
The exposure of the directory provides complete visibility of all the resources and files located inside the directory. The criticality of the attack can only be determined by the importance of the files that are exposed through directory listing.
The latest firmware to patch the vulnerabilities can be found here.