High-Severity Flaws in ConnectedIO’s 3G/4G Routers Raise Concerns for IoT Security
Exploited in the wide
Associated Threat actor \Malware/campaign
Vulnerabilities in 3G/4G routers could expose thousands of internal networks to severe threats, enabling bad actors to seize control, intercept traffic, and even infiltrate Extended Internet of Things (XIoT) things.
vulnerabilities have been disclosed in ConnectedIO’s ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data
The shortcomings impacting the ConnectedIO platform versions v2.1.0 and prior, primarily the 4G ER2000 edge router and cloud services, could be chained, permitting attackers to execute arbitrary code on the cloud-based devices without requiring direct access to them
An attacker could have leveraged these flaws to fully compromise the cloud infrastructure, remotely execute code, and leak all customer and device information
Update ConnectedIO v2.1.0 to the latest version.