ICS-CERT warns of critical flaws in NetComm industrial routers

Security researcher has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless.

Security researcher Aditya K. Sood has found two critical vulnerabilities in the industrial routers manufactured by the Australian company NetComm Wireless that can be exploited remotely to take control of affected devices. The affected models are NetComm 4G LTE Light industrial M2M routers running firmware version 2.0.29.11 and prior.

Sood reported the flaws to the ICS-CERT in October 2017.

The CSRF and XSS flaws have been classified by as “critical,” while the information disclosure issues have been classified as “high severity.”The ICS-CERT published a security advisory that warns of four vulnerabilities that affect the industrial routers. The issues tracked with CVE identifiers CVE-2018-14782 through CVE-2018-14785, are an Information Exposure, a Cross-site Request Forgery, a Cross-site Scripting, an Information Exposure through Directory Listing.

The cross-site request forgery condition could be triggered by a remote attacker to change passwords of the device.

“When a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, then it might be possible for an attacker to trick a client into making an unintentional request to the web server which will be treated as an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can result in exposure of data or unintended code execution.” reads the security advisory.

The Netcomm industrial routers are vulnerable to several cross-site scripting attacks, a remote attacker can carry out them to run arbitrary code on the device.

“The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.” states the advisory.

The XSS vulnerability is tied with the failure of the application hosted on the embedded web server to filter and sanitize the input.

Another flaw is an Information Exposure Through Directory Listing that could be triggered by an attacker to gain the complete index of all the resources located inside of the directory.

The last issue is an information disclosure issue that can be exploited by an attacker to obtain details on the router’s components.

NetComm has released a firmware update that addresses the security vulnerabilities in mid-May 2018.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Securi ty Affairs – NetComm industrial router, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.