Claroty’s Team82 has uncovered multiple critical vulnerabilities in Connected IO’s ER2000 edge routers.
The vulnerabilities discovered affected not only the edge routers, but also Connected IO’s cloud-based device management platform, and the communication protocol used between devices and the cloud.
“These vulnerabilities, if exploited, could pose serious risk for thousands of companies around the world, allowing attackers to disrupt the companies’ business and production, along with giving them access to the companies’ internal networks,” says Claroty in a blog post detailing how they discovered the vulnerabilities and exploited them.
According to Claroty, an attacker could have easily leveraged these flaws to fully compromise the company’s cloud infrastructure, remotely execute code, and leak all customer and device information.
The vulnerabilities affect all unpatched devices, enabling attackers to execute arbitrary code on them without direct access to the devices and without the devices being exposed to the internet. All vulnerabilities were disclosed to Connected IO, which has provided firmware updates that address all of them. Users are protected automatically, as these updates were made to the cloud infrastructure and edge devices.
Because 3G and 4G routers like the ER2000 act as gateways to the internet when devices can’t directly connect online, locking down the routers and gateways is crucial to the integrity and availability of the IoT devices and backend services behind them, according to Claroty.
Claroty’s Team82 presented its research at S4x23 earlier this year.