Other Sierra AirLink router models affected by critical flaws

Sierra Wireless is warning its customers that additional AiraLink router models are affected by critical vulnerabilities previously disclosed.

At the end of April, experts at Cisco Talos group disclosed a dozen
of vulnerabilities in Sierra Wireless AirLink gateways and routers, including several serious flaws.

Sierra Wireless AirLink gateways and routers are widely used in enterprise environments to connect industrial equipment, smart devices, sensors, point-of-sale (PoS) systems, and Industrial Control systems (ICSs).

Experts discovered three flaws classified as “critical” (CVSS score 9.9) that can be exploited by an attacker to make changes to any system settings and execute arbitrary commands and code. An authenticated attacker could exploit the flaw by sending specially crafted HTTP requests to the targeted device.

The company is now warning that some of the flaws affect other Sierra Wireless’ AirLink routers using the ALEOS software.

According to the advisory published by the ICS CERT, the company patched seven vulnerabilities, two of which rated as ‘critical’ and five as ‘medium-severity’ vulnerabilities.

“Successful exploitation of these vulnerabilities could allow attackers to remotely execute code, discover user credentials, upload files, or discover file paths,” reads the security advisory.

Below the list of affected Sierra AirLink models:

LS300, GX400, GX440, and ES440: Version 4.4.8 and prior
GX450 and ES450: All versions prior to 4.9.4
MP70, MP70E, RV50, RV50X, LX40, and LX60: All versions prior to 4.12

The most severe flaws disclosed by Sierra are an OS command-injection vulnerability tracked as CVE-2018-4061 (CVSS score 9.1) and an unrestricted file upload vulnerability tracked as CVE-2018-4063
(CVSS score 9.1).

The CVE-2018-4061 is classified as an improper neutralization of special elements used in an os command (‘os command injection’). The flaw could be exploited sending specially crafted authenticated HTTP request to the vulnerable devices resulting in remote code execution.

The CVE-2018-4063 vulnerability is classified as an unrestricted upload of file with dangerous type. The flaw could be exploited by sending a specially crafted authenticated HTTP request to upload a file, resulting in an executable, routable code upload to the web server.

Sierra also disclosed the following five medium-severity vulnerabilities:

Sierra Wireless has addressed the flaws with security fixes, users have to apply them as soon as possible.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Sierra Airlink, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.