NetComm Wireless 4G LTE Light Industrial M2M Router

Act Now9.8ICS-CERT ICSA-18-221-02Aug 9, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in NetComm Wireless 4G LTE Light Industrial M2M Router (NWL-25) firmware version 2.0.29.11 and prior allow exposure of sensitive information, including information disclosure (CWE-200), cross-site request forgery (CWE-352), cross-site scripting (CWE-79), and insecure storage (CWE-548). Successful exploitation could allow an attacker to access sensitive data without authentication, including network credentials, configuration, and communications passing through the device.

What this means

What could happen

An attacker could access sensitive information stored on or transmitted through the router, including network credentials, configuration data, or communications. This could lead to further compromise of connected devices or operational networks.

Who's at risk

Manufacturing facilities and industrial sites that rely on NetComm NWL-25 4G LTE routers for remote connectivity, M2M communications, or backup connectivity to control systems and field devices.

How it could be exploited

An attacker on the network (or over the Internet if the device is exposed) could exploit information disclosure, cross-site request forgery, cross-site scripting, or insecure storage vulnerabilities to read sensitive data from the router or trigger unauthorized actions without authentication.

Prerequisites

Network access to the router (direct or through Internet if exposed)
No credentials required for exploitation of information disclosure vulnerabilities
Router must be running firmware version 2.0.29.11 or earlier

Remotely exploitable over the Internet if device is exposedNo authentication requiredLow complexity exploitAffects data confidentiality and integrityCVSS 9.8 (critical)

Exploitability

Moderate exploit probability (EPSS 1.5%)

Affected products (1)

ProductAffected VersionsFix Status

4G LTE Light Industrial M2M Router (NWL-25) with: firmware 2.0.29.11 and prior≤ 2.0.29.11see NetComm support portal for patched firmware

Remediation & Mitigation

0/3

Do now

0/2

HARDENINGRestrict network access to the router: place behind firewall, isolate from business network, ensure not reachable from the Internet

HARDENINGIf remote access to the router is required, use a VPN with current security patches rather than exposing the device directly to the network

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade NWL-25 router firmware to the latest version available from NetComm Wireless support portal

CVEs (4)

CVE-2018-14782 CVE-2018-14783 CVE-2018-14784 CVE-2018-14785

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/fcba5135-e683-409f-8aad-235d7a8f49e8