Advisory

ConnectedIO's 3G/4G Routers vulnerable to remote code execution

Take action: If you are using ConnectedIO routers, it is time to start patching. You can postpone patching only if your routers sit in a network with no internet connectivity and their 3G/4G links are in an isolated APN. Even so, plan to apply the patches before someone exposes the routers.


Learn More

A series of critical vulnerabilities has been uncovered in ConnectedIO's ER2000 edge routers, which pose significant threats to cloud infrastructure security. If exploited, an attacker could gain complete control over the cloud infrastructure, remotely execute malicious code, and expose sensitive user and device data.

The ER2000 edge routers primarily function as gateways between remote sites and the internet. They play a pivotal role in enabling XIoT (Extended Internet of Things) devices at these sites to establish online connections.

  • Researchers have identified four critical vulnerabilities, tracked as CVE-2023-33375, CVE-2023-33376, CVE-2023-33377, and CVE-2023-33378. All carry a CVSS score of 9.8. These vulnerabilities enable attackers to remotely execute code on all connected devices. If these vulnerabilities are exploited, they pose a significant risk to enterprises worldwide. Attackers could disrupt business operations, production processes, and gain unauthorized access to internal networks.
  • Moreover, vulnerabilities have been found in the MQTT (Message Queuing Telemetry Transport) communication protocol, which is instrumental in connecting IoT devices to the cloud infrastructure. These vulnerabilities include the use of hard-coded authentication credentials. Attackers could leverage these credentials to register rogue devices, thereby gaining unauthorized access to MQTT messages containing critical information such as router passwords, SSIDs, and device identifiers.
  • One particularly alarming aspect of these vulnerabilities is the exploitation of IMEI (International Mobile Equipment Identity) information. Threat actors can not only impersonate any device of their choosing but also compel these devices to execute arbitrary commands conveyed through specially crafted MQTT messages. This manipulation is achieved using the bash command with the opcode "1116," which enables the execution of remote commands without additional authentication checks. Importantly, this command does not validate whether the sender of the command is an authorized issuer.
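The third bullet describes the root problem: a command handler that executes whatever arrives with the right opcode and never checks who sent it. The following Python is an added example written for this advisory, not ConnectedIO's code, and it assumes a message format (a JSON envelope with imei, opcode, payload, timestamp and tag fields) and a per-device HMAC key store that are both constructed for illustration. It shows what the missing issuer check looks like on the receiving side: every command must carry a MAC computed under the key provisioned for that specific device, the timestamp must be fresh, and a MAC seen before is treated as a replay. A message that merely carries the opcode and a payload, with no tag, is rejected before anything else happens.

```python
import hashlib
import hmac
import json
import time

# Constructed per-device secrets for this example. In a real deployment each
# device gets its own provisioned key; a single hard-coded credential shared by
# every router (as the advisory describes for the MQTT layer) defeats the check.
DEVICE_KEYS = {
    "IMEI-000000000000001": b"constructed-secret-key-for-device-1",
}

# Assumed opcode for "run a command", taken from the advisory text.
OPCODE_RUN_COMMAND = 1116
MAX_SKEW_SECONDS = 60


def _canonical(body):
    """Stable byte encoding of the signed fields (assumed envelope format)."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_command(imei, opcode, payload, key, issued_at):
    """Build a command envelope authenticated with the device's own key."""
    body = {"imei": imei, "opcode": opcode, "payload": payload, "ts": issued_at}
    body["tag"] = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return body


def verify_command(msg, device_keys, now=None, seen_tags=None):
    """Return (accepted, reason).

    Accepts only messages whose MAC verifies under the key of the device named
    in the envelope, whose timestamp is within MAX_SKEW_SECONDS of `now`, and
    whose tag has not been accepted before (replay). Nothing is executed here;
    a caller would dispatch on opcode only after this returns (True, "ok").
    """
    now = time.time() if now is None else now
    seen_tags = set() if seen_tags is None else seen_tags

    for field in ("imei", "opcode", "payload", "ts", "tag"):
        if field not in msg:
            return False, f"missing field {field}"

    key = device_keys.get(msg["imei"])
    if key is None:
        return False, "unknown device"

    body = {k: msg[k] for k in ("imei", "opcode", "payload", "ts")}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, msg["tag"]):
        return False, "bad signature"

    if abs(now - msg["ts"]) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"

    if msg["tag"] in seen_tags:
        return False, "replay"
    seen_tags.add(msg["tag"])
    return True, "ok"


if __name__ == "__main__":
    imei = "IMEI-000000000000001"
    issued = 1_700_000_000
    good = sign_command(imei, OPCODE_RUN_COMMAND, "status", DEVICE_KEYS[imei], issued)
    print("signed:", verify_command(good, DEVICE_KEYS, now=issued))
    # The advisory's failure mode: opcode plus payload, no proof of issuer.
    bare = {"imei": imei, "opcode": OPCODE_RUN_COMMAND, "payload": "status", "ts": issued}
    print("unsigned:", verify_command(bare, DEVICE_KEYS, now=issued))
```

The key design point is that authorisation is bound to the device identity named in the message: knowing an IMEI is not enough, because the MAC can only be produced by whoever holds that device's key. The freshness window and the seen-tag set are what stop a captured valid message from being presented again.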

These vulnerabilities impact versions of the ConnectedIO platform up to v2.1.0, with a particular focus on the 4G ER2000 edge router and its associated cloud services.

ConnectedIO has released firmware updates to address all the identified vulnerabilities. These updates have been deployed to the cloud infrastructure of ConnectedIO. Users are advised to update their own devices.
