Sierra:21 - Flaws in Sierra Wireless Routers Expose Critical Sectors to Cyber Attacks
7.12.23 Vulnerebility The Hacker News
A collection of 21 security flaws have been discovered in Sierra Wireless AirLink cellular routers and open-source software components like TinyXML and OpenNDS.
Collectively tracked as Sierra:21, the issues expose over 86,000 devices across critical sectors like energy, healthcare, waste management, retail, emergency services, and vehicle tracking to cyber threats, according to Forescout Vedere Labs. A majority of these devices are located in the U.S., Canada, Australia, France, and Thailand.
"These vulnerabilities may allow attackers to steal credentials, take control of a router by injecting malicious code, persist on the device and use it as an initial access point into critical networks," the industrial cybersecurity company said in a new analysis.
Of the 21 vulnerabilities, one is rated critical, nine are rated high, and 11 are rated medium in severity.
This includes remote code execution (RCE), cross-site scripting (XSS), denial-of-service (DoS), unauthorized access, and authentication bypasses that could be exploited to seize control of vulnerable devices, conduct credential theft via injection of malicious JavaScript, crash the management application, amd conduct adversary-in-the-middle (AitM) attacks.
These shortcomings can also be weaponized by botnet malware for worm-like automatic propagation, communication with command-and-control (C2) servers, and enslaving affected susceptible machines to launch DDoS attacks.
Fixes for the flaws have been released in ALEOS 4.17.0 (or ALEOS 4.9.9), and OpenNDS 10.1.3. TinyXML, on the other hand, is no longer actively maintained, necessitating that the problems be addressed downstream by affected vendors.
"Attackers could leverage some of the new vulnerabilities to take full control of an OT/IoT router in critical infrastructure and achieve different goals such as network disruption, espionage, lateral movement and further malware deployment," Forescout said.
"Vulnerabilities impacting critical infrastructure are like an open window for bad actors in every community. State-sponsored actors are developing custom malware to use routers for persistence and espionage. Cybercriminals are also leveraging routers and related infrastructure for residential proxies and to recruit into botnets."