"Critical Vulnerabilities Provide Root Access to InHand Industrial Routers"

Security researchers at Cisco’s Talos threat intelligence and research unit have discovered 17 vulnerabilities in a wireless industrial router made by InHand Networks, including flaws that can be chained to gain root access by getting a user to click on a malicious link.  The flaws affect the InRouter 302 compact industrial LTE router, which is designed for commercial and industrial environments, including for applications in the hospitality, financial, automotive, utilities, retail, public safety, and energy sectors.  The researchers stated that some of the world’s largest organizations use InHand products.  The security holes, a vast majority of which have been assigned a “critical” or “high severity” rating, can lead to arbitrary file uploads, code execution, privilege escalation, OS command injection, and unauthorized firmware updates.  The researchers noted that the weaknesses affect IR302 version 3.5.37 and prior, and they have been patched with the release of version 3.5.45.  The researchers noted that some of the 17 vulnerabilities in the InRouter 302 product can be chained to gain root access to the device.  The researchers stated that the router can be managed through a web interface or a console that can be accessed via telnet or SSH, but users should not have access to the underlying Linux system.

SecurityWeek reports: "Critical Vulnerabilities Provide Root Access to InHand Industrial Routers"