InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks

Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available.

The flaws were discovered nearly one year ago by researchers at industrial cybersecurity firm OTORIO in IR615 LTE routers made by industrial IoT solutions provider InHand Networks. The company has offices in China, the U.S. and Germany, and its products are used all around the world. InHand says its customers include Siemens, GE Healthcare, Coca Cola, Philips Healthcare and other major companies.

According to an advisory published last week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), OTORIO researchers discovered a total of 13 vulnerabilities in the IR615 router.

The list includes critical cross-site request forgery (CSRF), remote code execution, command injection, and weak password policy issues, as well as high-severity improper authorization and cross-site scripting (XSS) vulnerabilities.

CISA warned that malicious actors could exploit the vulnerabilities to take complete control of affected devices and intercept communications in an effort to steal sensitive information.

OTORIO told SecurityWeek that it has identified thousands of internet-exposed InHand routers that could be vulnerable to attacks, but the company noted that exploitation from the internet requires authentication to the router’s web management portal. An attacker could authenticate to the device using default credentials or by leveraging brute-force attacks to obtain login credentials. Brute-force attacks are made easy by the router’s weak password policy and a flaw that can be used to enumerate all valid user accounts.
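The paragraph above names the two preconditions for internet-side exploitation: a login to the web management portal obtained either from default credentials or by brute force, with the latter helped by a weak password policy and an account-enumeration flaw. The following is an added example (not code from the article, OTORIO, CISA or InHand) of how a defender might watch for those two patterns in the portal's authentication log and enforce a stronger password policy. The log format, thresholds, source addresses and default-password list are all constructed assumptions for this example; the real device's log format is not described on the page.

```python
"""Detection helpers for the preconditions the article describes:
credential brute force and account enumeration against a router's web
management portal, plus a password-policy check. All sample data and the
log format below are constructed for this example (not InHand's format)."""
import re
from collections import defaultdict

# Constructed sample log; assumed line layout: "<timestamp> <src_ip> <user> <OK|FAIL>"
SAMPLE_LOG = """\
2022-06-01T10:00:01 203.0.113.5 admin FAIL
2022-06-01T10:00:02 203.0.113.5 admin FAIL
2022-06-01T10:00:03 203.0.113.5 admin FAIL
2022-06-01T10:00:04 203.0.113.5 admin FAIL
2022-06-01T10:00:05 203.0.113.5 admin FAIL
2022-06-01T10:00:06 203.0.113.5 admin FAIL
2022-06-01T10:00:10 203.0.113.5 admin OK
2022-06-01T10:05:00 198.51.100.7 operator FAIL
2022-06-01T10:05:01 198.51.100.7 backup FAIL
2022-06-01T10:05:02 198.51.100.7 guest FAIL
2022-06-01T10:05:03 198.51.100.7 service FAIL
2022-06-01T10:05:04 198.51.100.7 root FAIL
2022-06-01T10:20:00 192.0.2.9 admin OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


def parse(log_text):
    """Turn the constructed log text into a list of login events."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, user, result = m.groups()
            events.append({"ts": ts, "ip": ip, "user": user, "ok": result == "OK"})
    return events


def find_brute_force(events, threshold=5):
    """Report (src_ip, user) pairs with at least `threshold` failed logins,
    and whether a success followed the failures (a likely compromised account).
    The threshold is an assumed tuning value."""
    fails = defaultdict(int)
    success_after = set()
    for e in events:
        key = (e["ip"], e["user"])
        if e["ok"]:
            if fails[key] >= threshold:
                success_after.add(key)
        else:
            fails[key] += 1
    return {key: {"failures": n, "then_success": key in success_after}
            for key, n in fails.items() if n >= threshold}


def find_enumeration(events, distinct_users=4):
    """Report source IPs that failed against many distinct usernames, the
    footprint of username spraying or account enumeration."""
    users = defaultdict(set)
    for e in events:
        if not e["ok"]:
            users[e["ip"]].add(e["user"])
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= distinct_users}


# Assumed list of vendor-default / trivially guessable passwords to reject.
DEFAULT_PASSWORDS = {"admin", "password", "123456", "adm", "1234"}


def meets_policy(pw, min_len=12):
    """A stricter policy than the weak one the article describes: reject
    known defaults, short passwords, and passwords drawing on fewer than
    three character classes (values are assumptions for this example)."""
    if pw.lower() in DEFAULT_PASSWORDS or len(pw) < min_len:
        return False
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return sum(classes) >= 3


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print("brute force:", find_brute_force(ev))
    print("enumeration:", find_enumeration(ev))
    print("policy ok:", meets_policy("Correct-Horse-42"))
```

On the constructed sample, the first source address is flagged for six failures against `admin` followed by a success, and the second for trying five different usernames; the password check rejects defaults and short or low-variety strings. Both detectors are deliberately keyed on the source address because the routers in question are reached over the internet, where per-address rate limiting and alerting are the practical controls alongside restricting exposure of the management portal.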

The cybersecurity firm warned that an attacker could leverage the vulnerabilities to infiltrate an organization. From the InHand device, the attacker could move to other industrial systems within the victim’s network.

“The attacker may abuse the Remote Code Execution vulnerability to get a first foothold on the device via running CLI commands; implant a first backdoor on the device as a persistence stage; and start scanning the internal organization network in order to elevate the attacker privileges and move on to sensitive assets on the network,” explained Hay Mizrachi, penetration tester at OTORIO. “The final objective is to achieve Domain Admin privileges on the organization. Of course, if there are additional sensitive networks such as OT networks, the attacker can try to get a foothold and disrupt the day-to-day functioning of the product line floor to cause additional damage and financial costs.”

OTORIO reported its findings to InHand Networks, through CISA, in November 2020. However, CISA said in its advisory that the vendor “has not responded to requests to work with CISA to mitigate these vulnerabilities.” CISA has provided some generic mitigations to help impacted organizations reduce the risk of exploitation.

SecurityWeek has reached out to InHand Networks for comment and will update this article if the company responds.

UPDATE 06/30/2022: InHand has informed SecurityWeek that an advisory addressing the vulnerabilities has been published. An update that should patch the flaws has been released. 

Related: Cisco Patches Dozen Vulnerabilities in Industrial Routers

Related: Several Vulnerabilities Expose Phoenix Contact Industrial 4G Routers to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
