Security Experts:

Organizations Warned of Critical Vulnerabilities in NetModule Routers

Flashpoint is warning organizations of two newly identified critical vulnerabilities in NetModule Router Software (NRSW) that could be exploited in attacks.

Acquired by Belden earlier this year, NetModule provides IIoT and industrial routers, vehicle routers, and other types of wireless M2M connectivity products.

All of NetModule’s routers run the Linux-based NRSW by default, and can be managed remotely using a remote management platform.

According to Flashpoint, its researchers recently identified two critical flaws in NetModule’s router software that remote attackers could exploit to bypass authentication and access administrative functionality.

The security issues were found in code that NetModule removed from NRSW in 2018, but hundreds of devices are still running the older platform versions and can be accessed from the internet, Flashpoint says.

The cybersecurity firm has not shared technical details on the discovered vulnerabilities, but warns that the continued use of the vulnerable devices exposes organizations to potential exploitation attempts.

Flashpoint also says it has notified NetModule of these vulnerabilities, and that it has encouraged the vendor to inform customers of their existence, even if they do not impact newer device models.

“At the time of this publishing, NetModule clients using vulnerable versions of NRSW have no knowledge of these critical vulnerabilities affecting their devices,” the cybersecurity firm says.

The vendor, Flashpoint says, has “never posted a security advisory or included information in their release changelogs,” meaning that those using the vulnerable software have no idea of the risks they are exposed to.

“NetModule has stated that they have no plans of releasing a security advisory—citing an internal policy of only addressing supported releases. Furthermore, they state that they already publish Discontinuation Notices and continuously ask customers to keep devices up-to-date,” Flashpoint reports.

Using end-of-life products is by default a poor security practice, especially considering the widespread exploitation of older vulnerabilities by both advanced persistent threat (APT) actors and cybercriminals, but vendors should always inform users of potential vulnerabilities in their products.

SecurityWeek has emailed NetModule and Belden for a comment on the matter but has yet to receive a response.

Related: SMBs Exposed to Attacks by Critical Vulnerability in DrayTek Vigor Routers

Related: 10 Vulnerabilities Found in Widely Used Robustel Industrial Routers

Related: SOHO Routers in North America and Europe Targeted With 'ZuoRAT' Malware

view counter