"10 Vulnerabilities Found in Widely Used Robustel Industrial Routers"

Security researchers at Cisco’s Talos threat intelligence and research unit have identified several critical vulnerabilities in a widely used industrial cellular IoT gateway made by Chinese company Robustel.  The affected product is the R1510 router, which is designed to provide high-speed wireless network bandwidth in harsh environments.  The researchers noted that the device had been used worldwide and certified by more than 20 mobile network operators in the United States, Europe, and Southeast Asia.  The researchers noted that the vendor patched the vulnerabilities while its researchers were still investigating.  However, Robustel did not release a security advisory, and it did not assign CVE identifiers to the flaws.  Patches for the security holes found by Talos are included in version 3.1.16.  However, the researchers conducted their analysis in April on version 3.3.0, which was the latest available release at the time.  It’s possible that the vendor has made some changes to its version numbering.  Nine of the flaws discovered have been described as command injection issues that can be exploited to execute arbitrary commands by sending specially crafted network requests to the targeted device.  These flaws have been assigned a “critical” severity rating.  The remaining “high severity” vulnerability is a data removal issue that can be exploited using specially crafted network requests to delete arbitrary files.

SecurityWeek reports: "10 Vulnerabilities Found in Widely Used Robustel Industrial Routers"