Dozens of RCE Vulnerabilities Impact Milesight Industrial Router
Cisco’s Talos security researchers have warned of critical- and high-severity vulnerabilities in the Milesight UR32L industrial router that could lead to remote code execution (RCE). The UR32L router, which provides WCDMA and 4G LTE support, Ethernet ports, and remote device management, is widely used for Machine-to-Machine (M2M) and Internet of Things (IoT) applications. Talos submitted more than 20 vulnerability reports during their investigation, resulting in the assignment of 69 CVEs. Out of these, 63 vulnerabilities impact the industrial router.
The Most Severe Vulnerability
The most severe vulnerability identified is CVE-2023-23902, which has a CVSS score of 9.8. It is described as a buffer overflow vulnerability in the router’s HTTP server login functionality, allowing remote code execution through network requests. Talos states that this vulnerability is a pre-authentication remote stack-based buffer overflow, and an unauthenticated attacker who can communicate with the HTTP server could execute remote commands.
High-Severity Flaws
Aside from the most severe vulnerability, the remaining vulnerabilities impacting the UR32L router are high-severity flaws, most of which could also lead to arbitrary code execution or command execution. Additionally, vulnerabilities impacting the MilesightVPN application, which is provided to ensure that the UR32L router is not exposed to the internet, can be exploited to execute commands, read arbitrary files, bypass authentication, and inject arbitrary JavaScript code. One such vulnerability, CVE-2023-22319, allows for authentication bypass in the VPN software, which could enable an attacker to then execute arbitrary code on the device by exploiting CVE-2023-23902.
No Software Update Released
Talos notes that the vulnerabilities were reported to the vendor in February 2023, but no software update has been released to address them. SecurityWeek reached out to Milesight for a statement on the matter but has not yet received a response. It is concerning that, even after being notified about the vulnerabilities, the vendor has taken no action to patch the router and address these critical security flaws.
Analysis and Opinion
This incident once again highlights the importance of security in industrial routers and IoT devices. The Milesight UR32L router plays a crucial role in M2M and IoT applications, making it a valuable target for attackers. The number of vulnerabilities discovered by Talos is significant and raises questions about the overall security posture of the router and the vendor’s approach to security.
Security in Industrial Routers
Industrial routers are a crucial component of critical infrastructure and industrial control systems (ICS). They connect machines, devices, and systems, enabling seamless communication and control. However, these routers also become potential targets for attackers seeking to disrupt operations, cause damage, or gain unauthorized access. As such, it is imperative that industrial routers undergo rigorous security testing and receive regular updates and patches to address vulnerabilities.
Internet of Things Security
The vulnerabilities identified in the Milesight UR32L router also highlight the ongoing challenges associated with securing IoT devices. IoT devices often have limited computational power, making it challenging to implement robust security measures. Additionally, these devices often have long lifecycles and may not receive regular updates or patches from vendors. To ensure the security of IoT devices, manufacturers must prioritize security in both the design and manufacturing phases, with ongoing support and updates throughout the device’s lifecycle.
Advice for Users
If you are using the Milesight UR32L industrial router or any other IoT device, it is crucial to take proactive steps to ensure its security:
Regular Updates and Patches
Check for software updates and patches regularly from the vendor. Apply these updates as soon as they become available to address any known vulnerabilities.
Segmentation and Access Control
Isolate your IoT devices from critical systems and networks. Use network segmentation and access control measures to limit access to these devices and minimize the potential impact of a compromise.
Strong Authentication and Encryption
Implement strong authentication mechanisms, such as unique passwords or two-factor authentication, to prevent unauthorized access to your devices. Additionally, ensure that your devices are using encryption protocols to protect data transmission.
Vendor Security Practices
Take into account the security track record and practices of the vendors you choose for IoT devices. Research their reputation for addressing security vulnerabilities and actively releasing updates to address any identified issues.
Monitor for Vulnerability Disclosures
Stay informed about vulnerability disclosures related to your IoT devices and industrial routers. Follow security researchers and organizations like Cisco Talos, who regularly share information about vulnerabilities and best practices in securing IoT devices.
By following these steps, users can enhance the security of their IoT devices and mitigate the risk of falling victim to vulnerabilities like those found in the Milesight UR32L industrial router. Ultimately, it is crucial for users and vendors alike to prioritize security in IoT devices to build a more secure and resilient ecosystem.