Forescout recently identified 21 vulnerabilities, named ‘Sierra:21’, in Sierra Wireless AirLink OT/IoT routers, with one critical and nine high-severity flaws. These vulnerabilities encompass issues like remote code execution, unauthorized access, authentication bypass, denial-of-service, and cross-site scripting. Exploitation could lead to credential theft, device control, and persistent access, posing risks across critical sectors like healthcare and manufacturing. Alarmingly, 86,000 exposed routers lack patches, and many are beyond their end-of-life support. Sierra Wireless issued a November 28 advisory, urging users to update to ALEOS 4.17, patching these vulnerabilities. The vendor also recommended avoiding direct exposure of devices to the internet. However, Forescout highlighted a patch delay of 128-133 days, emphasizing the urgency for prompt mitigation in critical infrastructure.

Read more: https://www.securityweek.com/21-vulnerabilities-in-sierra-wireless-routers-could-expose-critical-infrastructure-to-attacks/