Vulnerabilities in ConnectedIO routers opened hackers access to thousands of companies

Carding 4 Carders

A planted agent inside other people's networks will collect all the data without even arousing suspicion.

Several high-severity vulnerabilities have been found in ConnectedIO ER2000 routers and the corresponding cloud management platform. The flaws allow attackers to execute malicious code and gain access to sensitive data.

As Claroty's Noam Moshe points out, attackers could use these flaws to completely compromise the cloud infrastructure, execute code remotely, and gain access to all customer and device information.

Vulnerabilities in ConnectedIO 3G/4G routers can put thousands of internal networks at risk, allowing hackers to take control of devices, intercept traffic, and even break into the Extended Internet of Things (XIoT).

The flaws affect ConnectedIO v2.1.0 and earlier versions of the platform and mainly concern the ER2000 4G router and its related cloud services. They can be chained together, allowing attackers to execute arbitrary code on cloud-managed devices without direct access to them.

Hard-coded credentials used for authentication in the communication protocol between the devices and the cloud could let an attacker register a rogue device on the network and, through it, access messages, Wi-Fi settings, SSIDs, and passwords belonging to other devices on the network.

The severity of the identified flaws lies in the fact that an attacker can not only impersonate any device of their choice using leaked IMEI numbers, but also force those devices to execute arbitrary commands.

All of the vulnerabilities found received a CVSS score of 8.6 out of 10. They were assigned the following CVE IDs:
  • CVE-2023-33375: Stack-based buffer overflow vulnerability in the communication protocol;
  • CVE-2023-33376: Argument injection vulnerability in the communication protocol's ip tables command message;
  • CVE-2023-33377: Operating system command injection vulnerability in the communication protocol's set firewall command;
  • CVE-2023-33378: Argument injection vulnerability in the communication protocol's AT command message.
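Three of the four CVEs above are injection bugs in command messages that the cloud sends to the router (ip tables, set firewall, AT commands). The defensive lesson is the same for all of them: untrusted message fields must never be interpolated into a shell string, and each field should be validated against a strict allow-list before it fills a fixed slot in an argument vector. The following Python handler is an added example written for this page, not ConnectedIO's code; the message format (`set_firewall` with `action`, `src_ip` and `port` fields) and the resulting `iptables` rule shape are assumptions made for illustration.

```python
"""Hardened handling of a cloud-to-device "set firewall" command.

Added example, not ConnectedIO's code.  Message layout and the rule shape
are assumptions; the point is the validation pattern, not the exact rule.
"""
import ipaddress
import re
import subprocess

ALLOWED_ACTIONS = {"ACCEPT", "DROP"}
_PORT_RE = re.compile(r"[0-9]{1,5}")


def build_firewall_argv(action: str, src_ip: str, port: str) -> list:
    """Return an argv list for iptables; never a shell string.

    Every field is checked against an allow-list before it is placed in a
    fixed value slot, so untrusted data cannot add flags or extra commands.
    Anything unexpected is rejected with ValueError.
    """
    if action not in ALLOWED_ACTIONS:
        raise ValueError("unexpected action: %r" % (action,))
    try:
        ip = ipaddress.ip_address(src_ip)  # rejects "1.2.3.4; id", "-j", etc.
    except ValueError as exc:
        raise ValueError("invalid source address: %r" % (src_ip,)) from exc
    if ip.version != 4:
        raise ValueError("only IPv4 rules are handled in this example")
    if not _PORT_RE.fullmatch(port) or not 1 <= int(port) <= 65535:
        raise ValueError("invalid port: %r" % (port,))
    return ["iptables", "-A", "INPUT", "-s", str(ip),
            "-p", "tcp", "--dport", port, "-j", action]


def handle_set_firewall(message: dict) -> list:
    """Parse one (assumed) set_firewall message and return the argv to run."""
    if message.get("cmd") != "set_firewall":
        raise ValueError("not a set_firewall message")
    fields = {}
    for key in ("action", "src_ip", "port"):
        value = message.get(key)
        if not isinstance(value, str):
            raise ValueError("field %r missing or not a string" % (key,))
        fields[key] = value
    return build_firewall_argv(fields["action"], fields["src_ip"], fields["port"])


def is_rejected(message: dict) -> bool:
    """True if the handler refuses the message (used to check the allow-list)."""
    try:
        handle_set_firewall(message)
    except ValueError:
        return True
    return False


def apply_rule(argv: list) -> int:
    """Run the validated argv without a shell; returns the exit status."""
    return subprocess.run(argv, shell=False, check=False).returncode


if __name__ == "__main__":
    # Constructed sample messages: one benign, one carrying shell metacharacters.
    good = {"cmd": "set_firewall", "action": "DROP", "src_ip": "10.0.0.5", "port": "22"}
    bad = {"cmd": "set_firewall", "action": "DROP", "src_ip": "10.0.0.5; echo x", "port": "22"}
    print(handle_set_firewall(good))
    print("bad message rejected:", is_rejected(bad))
```

`apply_rule` deliberately passes a list with `shell=False`, so even a field that slipped past validation would reach `iptables` as a single argument rather than being parsed by `/bin/sh`; the allow-list checks in `build_firewall_argv` then make sure that single argument cannot become an unexpected flag either. Logging every rejected message at the device gives defenders a detection signal for attempts to abuse this class of command.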

Noam Moshe emphasizes that if these flaws are exploited in real attacks, they could pose a serious risk to thousands of organizations around the world, giving attackers the ability to disrupt business and production and to gain access to the internal networks of the affected companies.