ORing Industrial Networking confirmes multiple critical flaws in IAP-420 product
Take action: If you are using ORing Industrial IAP-420, make sure they are isolated from the internet and accessible only from trusted networks. Then reach out to the vendor for patches. Don't ignore this, there is a public PoC, so hackers will make an automatic exploit.
Learn More
ORing Industrial Networking Corporation has acknowledged multiple critical vulnerabilities in their IAP-420 device that could allow attackers to compromise the system through its management interface.
The identified vulnerabilities are:
- CVE-2024-5411 (CVSS score 9.6) - Command Injection vulnerability, exists in the filename parameter during configuration file uploads. Requires authentication to the web interface
- CVE-2024-5410 (CVSS score 9.3) - Stored XSS vulnerability can be exploited by injecting malicious JavaScript code into the SSID input field. Exploitation requires luring an authenticated user to visit a malicious website.
The security flaws affect all versions of IAP-420 up to and including version 2.01e.
The vulnerabilities were discovered by Thomas Weber of CyberDanube, with CISA identifying and reporting public proof of concept (PoC) code to ORing. The affected devices are deployed worldwide and are particularly relevant to several critical infrastructure sectors, including Commercial Facilities, Critical Manufacturing, Energy, and Transportation Systems.
ORing has acknowledged these vulnerabilities and is actively working on developing a fix. As of February 13, 2025, when the advisory was initially published, CISA has not received any reports of public exploitation targeting these vulnerabilities.
