A series of vulnerabilities affecting industrial routers made by InHand Networks could allow hackers to bypass security systems and gain access to internal operational technology (OT) networks from the internet.
The US Cybersecurity and Infrastructure Security Agency (CISA) last week published an advisory to inform organizations about five vulnerabilities identified by a researcher at industrial cybersecurity firm Otorio in InHand’s InRouter302 and InRouter615 cellular routers.
The vendor has released firmware updates that should patch these vulnerabilities.
According to CISA, most of the vulnerabilities are related to message queuing telemetry transport (MQTT) and their exploitation could lead to command/code execution and information disclosure.
One of the security holes has been assigned a ‘critical’ severity rating, two have been rated ‘high severity’ and two are medium-severity issues.
Matan Dobrushin, VP of research at Otorio, told SecurityWeek that the vulnerabilities impact both the cloud management platform and the device’s firmware.
“Chaining these vulnerabilities together can allow an attacker to remotely execute code as root on all connected InRouter302 and InRouter615 devices directly from the internet,” Dobrushin explained.
The affected devices are used for industrial robots, oil wells, elevators, medical equipment, electric car charging stations, and smart meters.
“We are certain that there are tens of thousands of devices that are impacted by these vulnerabilities, affecting thousands of critical sites around the globe,” Dobrushin warned.
Roni Gavrilov, the Otorio researcher credited for finding these flaws, provided additional information on impact in a LinkedIn post.
“Successful exploitation of industrial wireless IoT may allow an attacker to bypass all of the security layers protecting the internal OT network at once, enabling access directly to connected PLCs, HMIs and field devices on the attacked site, easily impacting the process and potentially propagating the attack to the control center,” the researcher said.
This is not the first time Otorio has found vulnerabilities in InHand routers. In 2021, the company reported finding more than a dozen security flaws in one of the vendor’s cellular routers.
In addition, in 2022, Cisco’s Talos threat intelligence and research unit reported finding 17 vulnerabilities in the InRouter302 product.