A collection of 21 security flaws have been discovered in Sierra Wireless Airlink cellular routers and open-source software components such as TinyXML and OpenNDS.
Collectively tracked as Sierra:21, the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according to Forescout Vedere Labs. A majority of these devices are located in the U.S., Canada, Australia, France, and Thailand.
“These vulnerabilities could allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device, and use it as an initial access point into a critical network,” the industrial cybersecurity company said in a new analysis.
Of the 21 vulnerabilities, one has been rated as critical, nine as high and 11 as moderate.
This includes remote code execution (RCE), cross-site scripting (XSS), denial-of-service (DoS), unauthorized access, and authentication bypasses that could be exploited to seize control of vulnerable devices, conduct credential theft via injection of malicious JavaScript, crash the management application, amd conduct adversary-in-the-middle (AitM) attacks.
These vulnerabilities can also be weaponized by botnet malware for worm-like automated propagation, communication with command-and-control (C2) servers, and enslaving affected susceptible machines to launch DDoS attacks.
Fixes for the vulnerabilities have been released in ALEOS 4.17.0 (or ALEOS 4.9.9), and OpenNDS 10.1.3. TinyXML, on the other hand, is no longer actively maintained, making it necessary to resolve issues downstream by affected vendors.
“Attackers could leverage some of the new vulnerabilities to take full control of OT/IoT routers in critical infrastructure and achieve various goals such as network disruption, espionage, lateral movement, and further malware deployment,” Forescout said.
“Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets. “
