'The research uncovered eight vulnerabilities that affect thousands of internet-connected devices worldwide. Multiple attack vectors were identified during the research, including the exploitation of internet-exposed services, cloud account takeover, and cloud infrastructure vulnerabilities.

'An attacker successfully exploiting these industrial routers and IoT devices can cause a number of impacts on compromised devices and networks, including monitoring network traffic and stealing sensitive data, hijacking internet connections in order to route traffic to malicious sites, or injecting malware into traffic. Also, an attacker may exploit these issues to access and control networked devices and change router settings in order to manipulate configurations such as DNS settings or firewall rules. The compromised industrial devices may also be used to launch attacks against other devices or networks.

'CISA's advisory assigns one of the vulnerabilities a CVSS v3 score of 10.

'Teltonika offers a wide range of network solutions and devices; however, we’ve looked at the RUT241 and RUT955 devices in particular. These devices are part of the company’s industrial cellular routers product line and offer 4G LTE, WiFi, and Ethernet communication designed specifically for industrial environments and commercial applications.

'Teltonika RMS cloud-based management platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the RMS, but only if the router’s RMS management feature, which is enabled by default, has not been disabled. This could enable the attacker to perform different operations from the cloud on unsuspecting users' routers, including remote code execution with root privileges (using the Task Manager feature on RMS)'.

#ITOTConvergence #SecureByDefaultAndDesign
https://www.otorio.com/blog/teltonikia-cloud-takeover-vulnerability-exposed/