Critical Flaws Found in NetComm Industrial Routers
13.8.18 securityweek ICS 
Vulnerability

An industrial router made by Australian telecommunications equipment company NetComm Wireless is affected by several serious vulnerabilities that can be exploited remotely to take control of affected devices.

According to an advisory published last week by ICS-CERT, NetComm 4G LTE Light industrial M2M routers running firmware version 2.0.29.11 and prior are impacted by four vulnerabilities. The list includes information disclosure, cross-site scripting (XSS) and cross-site request forgery (CSRF) issues that have been assigned the CVE identifiers CVE-2018-14782 through CVE-2018-14785.

Researcher Aditya K. Sood, who has been credited for finding the vulnerabilities, told SecurityWeek that one of the security holes allows an unauthenticated attacker to access information about a device’s web server.

A CSRF vulnerability, present due to failure to enforce a token mechanism, can be exploited by a remote attacker to perform various actions, including changing the password to the router’s web interface.

An XSS flaw is caused by the failure of the application hosted on the embedded web server to implement input filtering and sanitization.

“Any arbitrary value passed by the remote user was processed and rendered in the application. As a result, the payload passed as a value gets executed in the browser. The attacker could have stolen session information or could have executed malicious code via the NetComm router web interface,” Sood explained.

The last vulnerability is an information disclosure issue that can be exploited by an attacker to obtain details on the router’s components.

The CSRF and XSS flaws have been classified by ICS-CERT as “critical,” while the information disclosure issues are said to be “high severity.” CSRF and XSS flaws typically require the targeted user to click on a link.

The flaws can be exploited remotely from the Internet. A search revealed the existence of hundreds of devices exposed to attacks, Sood told SecurityWeek.

“The vulnerabilities combined with other sets of attacks and specific command execution to alter the configuration could result in compromising the device at the system level,” the researcher explained.

The expert reported his findings via ICS-CERT in October 2017. NetComm appears to have released a firmware update that patches the security holes in mid-May 2018.