Sierra has issued a security alert stating that its AirLink router model, designed for Internet of Things (IoT) applications, is exposed to the exploitation of some known vulnerabilities, cyber forensics course specialists reported.
The vulnerabilities affecting AirLink devices are
part of a list of 11 critical security flaws in Sierra Wireless routers
published a few days ago. In addition, the company mentions that the
vulnerabilities also impact other router models that use the same software
This router model was designed to operate in
integrated applications, such as data transmission in fleets of vehicles
(patrol data collection, for example) and applications in industrial environments
(real-time equipment tracking). For its part, the ALEOS software is responsible
for operating the devices in real environments.
Sierra Wireless corrected seven vulnerabilities,
two of them critical, cyber forensics course experts mentioned. As reported, if
successfully exploited, these vulnerabilities would allow a threat actor to
execute code remotely, extract users’ credentials, and find routes to system
The most severe vulnerabilities are a
command-injection flaw in the operating system (tracked as CVE-2018-4061), as
well as a flaw that allows hackers to load files without restriction.
These vulnerabilities are considered critical and have received a score of 9.1 on the
Common Vulnerability Scoring System (CVSS) scale.
According to cyber forensics course specialists,
an attacker could easily exploit these vulnerabilities, using only a specially
designed HTTP request to then load a file that will derive in the executable
The other vulnerabilities received average
scores; these included a cross-site request forgery flaw, a vulnerability to
to run in the user’s browser.
According to specialists from the International
Institute of Cyber Security (IICS), the company also corrected two security
flaws that impact all of its router models and could expose them to multiple
variants of remote hacking.