InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks

Several serious vulnerabilities discovered by researchers in industrial routers made by InHand Networks could expose many organizations to remote attacks, and patches do not appear to be available.

The flaws were discovered nearly one year ago by researchers at industrial cybersecurity firm OTORIO in IR615 LTE routers made by industrial IoT solutions provider InHand Networks. The company has offices in China, the U.S. and Germany, and its products are used all around the world. InHand says its customers include Siemens, GE Healthcare, Coca Cola, Philips Healthcare and other major companies.

According to an advisory published last week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), OTORIO researchers discovered a total of 13 vulnerabilities in the IR615 router.

The list includes critical cross-site request forgery (CSRF), remote code execution, command injection, and weak password policy issues, as well as high-severity improper authorization and cross-site scripting (XSS) vulnerabilities.

CISA warned that malicious actors could exploit the vulnerabilities to take complete control of affected devices and intercept communications in an effort to steal sensitive information.

OTORIO told SecurityWeek that it has identified thousands of internet-exposed InHand routers that could be vulnerable to attacks, but the company noted that exploitation from the internet requires authentication to the router’s web management portal. An attacker could authenticate to the device using default credentials or by leveraging brute-force attacks to obtain login credentials. Brute-force attacks are made easy by the router’s weak password policy and a flaw that can be used to enumerate all valid user accounts.

The cybersecurity firm warned that an attacker could leverage the vulnerabilities to infiltrate an organization. From the InHand device, the attacker could move to other industrial systems within the victim’s network.

“The attacker may abuse the Remote Code Execution vulnerability to get a first foothold on the device via running CLI commands; implant a first backdoor on the device as a persistence stage; and start scanning the internal organization network in order to elevate the attacker privileges and move on to sensitive assets on the network,” explained Hay Mizrachi, penetration tester at OTORIO. “The final objective is to achieve Domain Admin privileges on the organization. Of course, if there are additional sensitive networks such as OT networks, the attacker can try to get a foothold and disrupt the day-to-day functioning of the product line floor to cause additional damage and financial costs.”

OTORIO reported its findings to InHand Networks, through CISA, in November 2020. However, CISA said in its advisory that the vendor “has not responded to requests to work with CISA to mitigate these vulnerabilities.” CISA has provided some generic mitigations to help impacted organizations reduce the risk of exploitation.

SecurityWeek has reached out to InHand Networks for comment and will update this article if the company responds.

UPDATE 06/30/2022: InHand has informed SecurityWeek that an advisory addressing the vulnerabilities has been published. An update that should patch the flaws has been released.

Related: Cisco Patches Dozen Vulnerabilities in Industrial Routers

Related: Several Vulnerabilities Expose Phoenix Contact Industrial 4G Routers to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.