"21 Vulnerabilities in Sierra Wireless Routers Could Expose Critical Infrastructure to Attacks"
According to security researchers at Forescout, some Sierra Wireless cellular routers are affected by 21 vulnerabilities, including ones that could pose a significant risk to impacted organizations, including in critical infrastructure sectors. The vulnerabilities, collectively tracked as "Sierra:21", were found in Sierra Wireless AirLink OT/IoT routers that are often used to connect local networks to the web in sectors such as healthcare, manufacturing, government, energy, water, transportation, emergency services, and retail. Of the 21 vulnerabilities, one has been assigned a "critical severity" rating, and nine are "high severity." They include remote code execution, unauthorized access, authentication bypass, denial-of-service (DoS), and cross-site scripting (XSS) flaws. The researchers noted that some of them can be exploited to steal credentials and take control of a router by injecting malicious code. The researchers stated that an attacker can gain persistent access to a targeted device and use it as an entry point into a critical network. This makes the flaws useful for various types of attacks, including for espionage and causing disruption. Worryingly, the researchers found 86,000 vulnerable routers that are directly exposed to the internet. Only less than 10% of them appear to be patched against known vulnerabilities disclosed since 2019, and many exposed devices have reached end of life and no longer receive patches.