"Sierra:21" vulnerabilities impact critical infrastructure routers
A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.
The flaws discovered by Forescout Vedere Labs affect Sierra Wireless AirLink cellular routers and open-source components like TinyXML and OpenNDS. AirLink routers are highly regarded in the field of industrial and mission-critical applications due to their high-performance 3G/4G/5G, WiFi, and multi-network connectivity.
Forescout's researchers discovered 21 new vulnerabilities in Sierra AirLink cellular routers and the TinyXML and OpenNDS components, which are part of other products, too.
According to the researchers, an attacker could exploit some of the vulnerabilities "to take full control of an OT/IoT router in critical infrastructure." Such a compromise could lead to network disruption, espionage, lateral movement to more important assets, and malware deployment.
After running a scan on the Shodan search engine for internet-connected devices, Forescout researchers found over 86,000 AirLink routers exposed online in critical organizations engaged in power distribution, vehicle tracking, waste management, and national health services.
According to the company, threat actors are increasingly targeting routers and network infrastructure environments, launching attacks with custom malware that uses the devices for persistence and espionage purposes.