SecurityWeek

I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending

Japanese device maker confirms zero-day router exploitation and warns that full patches won’t be available for a few weeks.

Japanese device maker I-O Data this week confirmed zero-day exploitation of critical flaws in multiple routers and warned that full patches won’t be available for a few weeks.

According to a warning from incident responders at JPCERT/CC, the most serious flaw opens the door for a remote attacker to disable the router’s firewall, execute commands, or alter configurations.

“The developer states that attacks exploiting these vulnerabilities have been observed,” according to the JPCERT/CC alert.

A separate bulletin from I-O Data documents three separate defects — CVE-2024-45841, CVE-2024-47133 and CVE-2024-52564 — and warns of additional information disclosure and command execution risks.

From the I-O Data advisory:

  • CVE-2024-45841 — If a third party who knows the guest account of the device accesses a specific file, information including authentication information may be stolen. CVSS 6.5.
  • CVE-2024-47133 — Arbitrary OS commands can be executed by a third party who can log in as an administrator user. CVSS 7.2.
  • CVE-2024-52564: (Undocumented features inclusion) A remote third party may disable the firewall of the target device, execute arbitrary OS commands on the target device, or change the device settings. CVSS 7.5.

I-O Data, known for its PC peripherals and IoT devices, has shipped a firmware update (version 2.1.9) to fix one of the bugs but warned that fixes for CVE-2024-45841 and CVE-2024-47133 won’t be available until at least December 18, 2024.

There are no public details available on the zero-day exploits, which were reported by researchers from the National Institute of Information and Communications Technology and 00One, Inc., and coordinated through Japan’s Information Security Early Warning Partnership.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
