Home Vulnerabilities found in ConnectedIO’s ER2000 edge routers and cloud-based management platform

Vulnerabilities found in ConnectedIO’s ER2000 edge routers and cloud-based management platform

Several high-risk security vulnerabilities have been found in ConnectedIO’s ER2000 edge routers and the cloud-based management platform, raising questions about IoT security. Malicious actors could exploit these weaknesses to execute harmful code and access sensitive information. An analysis by Claroty’s Noam Moshe revealed that an attacker might use these vulnerabilities to entirely compromise the cloud infrastructure, execute code remotely, and leak customer and device details.

As the adoption of IoT devices continues to rise, concerns about the overall security and protection of user data in these devices are becoming increasingly important. Addressing these vulnerabilities, ConnectedIO has been urged by both researchers and cybersecurity experts to implement effective security measures and provide timely updates to ensure users are protected against potential threats.

“The vulnerabilities in 3G/4G routers could expose thousands of internal networks to serious threats. IoT hazards may allow bad actors to gain control, intercept traffic, and infiltrate Extended Internet of Things (XIoT) devices.” The issues affect ConnectedIO platform versions v2.1.0 and earlier, specifically the 4G ER2000 edge router and cloud services. Attackers could chain these vulnerabilities together to execute arbitrary code on cloud-based devices without needing direct access.

By exploiting these weaknesses, cybercriminals can easily bypass security measures and gain unauthorized access to sensitive information. Organizations and individuals must update their devices to the latest firmware version to mitigate the risks associated with these vulnerabilities.

Additional weaknesses were discovered in the communication protocol between the devices and the cloud, including using fixed authentication credentials. These can be exploited to register an unauthorized device and access MQTT messages containing device identifiers, Wi-Fi settings, SSIDs, and passwords from routers. Attackers gaining access to this information could potentially monitor or manipulate the devices, putting user privacy and security at risk.

A threat actor could impersonate any device using leaked IMEI numbers and force the execution of arbitrary commands published via specially designed MQTT messages through a bash command with the opcode “1116.” Consequently, this security vulnerability exposes a myriad of devices to potential cyberattacks, leading to unauthorized access, data breaches, and even full system control. It is essential for users and manufacturers to ensure their devices are updated with the latest software patches to mitigate such risks and enhance protection against these attacks.

Manufacturers need to address these vulnerabilities and implement robust security measures to protect both the communications between devices and the cloud and the information stored within these devices.

Featured Image Credit: Photo by Cottonbro Studio; Pexels; Thank you!

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Deanna Ritchie
Former Editor

Deanna was an editor at ReadWrite until early 2024. Previously she worked as the Editor in Chief for Startup Grind, Editor in Chief for Calendar, editor at Entrepreneur media, and has over 20+ years of experience in content management and content development.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.