Sierra Wireless AirLink Raven XE and XT
Act Now | 10 | ICS-CERT ICSA-17-115-02 | Apr 25, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Sierra Wireless AirLink Raven XE and XT contain multiple authentication and authorization flaws (CWE-285, CWE-352, CWE-522) that allow unauthenticated remote attackers to execute arbitrary commands with root privileges. The affected products lack proper input validation and session management. All versions of AirLink Raven XT (below 4.0.11) and AirLink Raven XE (below 4.0.14) are vulnerable. The vulnerabilities require only network access and can be exploited with publicly available tools. No vendor patch is currently available.
What this means
What could happen
An attacker with network access to the AirLink gateway could bypass authentication and execute arbitrary commands, potentially disrupting network connectivity, modifying device settings, or accessing sensitive operational data on connected networks.
Who's at risk
This affects utilities and municipalities using Sierra Wireless AirLink Raven gateways for remote management of SCADA systems, cell tower backhaul, or other critical network infrastructure. Impacts any organization relying on these industrial routers for remote site connectivity.
How it could be exploited
An attacker on the network (or internet if the device is port-forwarded) sends crafted requests directly to the AirLink web interface on port 80/443, exploiting the authentication bypass to gain administrative access and execute system commands with root privileges.
Prerequisites
- Network access to AirLink gateway (port 80 or 443)
- No authentication required
- Device must be reachable from the attacker's network location
Remotely exploitable | No authentication required | Low attack complexity | Public exploits available | No patch available | CVSS 10.0 (critical)
Exploitability
Moderate exploit probability (EPSS 7.7%)
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
AirLink Raven XT: all | < 4.0.11 | No fix (EOL)
AirLink Raven XE: all | < 4.0.14 | No fix (EOL)
Remediation & Mitigation
Do now
- WORKAROUND: Immediately restrict network access to the AirLink gateway. Block inbound connections to ports 80 and 443 from untrusted networks using a firewall or network ACL. Only allow connections from authorized management workstations and control system networks.
- HARDENING: Isolate AirLink Raven XT and XE devices on a dedicated, segmented network with strict inbound/outbound access controls. Do not allow direct internet access or exposure to untrusted networks.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: If your AirLink Raven XT is running firmware < 4.0.11 or Raven XE is running < 4.0.14, contact Sierra Wireless for updated firmware. Verify availability of fixes and plan a maintenance window to upgrade. Note: As of this advisory, no fix has been released; follow Sierra Wireless security updates closely.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: AirLink Raven XT: all, AirLink Raven XE: all. Apply the following compensating controls:
- HARDENING: Monitor AirLink gateway access logs for unauthorized login attempts or unfamiliar administrative sessions. Alert on repeated failed authentication or successful logins from unknown IP addresses.
- HARDENING: Evaluate whether the AirLink gateway is necessary in your environment. If it is no longer in use or can be replaced with a newer model, plan decommissioning or replacement as a long-term solution.
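One way to check that the port 80/443 restriction is holding and to surface unknown sources reaching the gateway, as an added example that is not part of the advisory or any Sierra Wireless tooling. The gateway address, management subnet, and CSV flow-record layout are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumptions, not from the advisory: the gateway address, the management
# subnet, and the CSV flow-record layout "time,src_ip,dst_ip,dst_port,action".
GATEWAYS = {ipaddress.ip_address("10.20.0.5")}
MGMT_NETS = [ipaddress.ip_network("10.10.5.0/28")]
WEB_PORTS = {80, 443}  # web interface ports named in the advisory

# Constructed sample records (documentation and private address ranges).
SAMPLE_FLOWS = """\
2017-04-26T08:01:12Z,10.10.5.4,10.20.0.5,443,ALLOW
2017-04-26T08:03:40Z,203.0.113.77,10.20.0.5,80,ALLOW
2017-04-26T08:03:41Z,203.0.113.77,10.20.0.5,443,DENY
2017-04-26T08:05:00Z,10.30.1.9,10.20.0.5,22,ALLOW
2017-04-26T08:06:13Z,10.30.1.9,10.20.0.5,80,ALLOW
not,a,valid,record
"""


def audit_flows(text):
    """Return (findings, skipped) for gateway web traffic from unapproved sources.

    status "EXPOSED" means the firewall allowed the connection (control gap);
    "BLOCKED" means the restriction held but the source is worth reviewing.
    """
    findings, skipped = [], 0
    for line in text.splitlines():
        try:
            ts, src, dst, port, action = (p.strip() for p in line.split(","))
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if dst not in GATEWAYS or port not in WEB_PORTS:
            continue
        if any(src in net for net in MGMT_NETS):
            continue  # authorized management workstation
        status = "EXPOSED" if action.upper() == "ALLOW" else "BLOCKED"
        findings.append({"time": ts, "src": str(src), "port": port, "status": status})
    return findings, skipped


if __name__ == "__main__":
    results, bad = audit_flows(SAMPLE_FLOWS)
    for f in results:
        print(f"{f['status']:8} {f['time']} {f['src']} -> gateway:{f['port']}")
    print(f"skipped {bad} unparseable record(s)")
```

Any "EXPOSED" row means the ACL still lets an unapproved source reach the web interface and should be treated as a gap in the workaround.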