Security researcher Aditya K. Sood has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless that can be exploited remotely to take control of affected devices. The affected models are NetComm 4G LTE Light industrial M2M routers running firmware version 184.108.40.206 and prior.
Sood reported the flaws to the ICS-CERT in October 2017.
The CSRF and XSS flaws have been classified by as “critical,” while the information disclosure issues have been classified as “high severity.”The ICS-CERT published a security advisory that warns of four vulnerabilities that affect the industrial routers. The issues tracked with CVE identifiers CVE-2018-14782 through CVE-2018-14785, are an Information Exposure, a Cross-site Request Forgery, a Cross-site Scripting, an Information Exposure through Directory Listing.
The cross-site request forgery condition could be triggered by a remote attacker to change passwords of the device.
“When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.” reads the security advisory.
The Netcomm industrial routers are vulnerable to several cross-site scripting attacks, a remote attacker can carry out them to run arbitrary code on the device.
“The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.” states the advisory.
The XSS vulnerability is tied with the failure of the application hosted on the embedded web server to filter and sanitize the input.
Another flaw is an Information Exposure Through Directory Listing that could be triggered by an attacker to gain the complete index of all the resources located inside of the directory.
The last issue is an information disclosure issue that can be exploited by an attacker to obtain details on the router’s components.
NetComm has released a firmware update that addresses the security vulnerabilities in mid-May 2018.