Critical Vulnerabilities Found in mbNET.mini Industrial Routers Could Allow for Full System Takeover
A security advisory issued by CERT@VDE has revealed multiple critical vulnerabilities in the mbNET.mini industrial router, a widely used device designed for secure remote access to industrial machines and systems. The router, produced by MB connect line, is essential for managing devices remotely, but these new vulnerabilities have exposed significant risks, allowing for remote code execution (RCE) and unauthorized access.
Vulnerabilities Unveiled:
- CVE-2024-45274 (CVSS 9.8): This critical vulnerability allows unauthenticated attackers to execute arbitrary OS commands remotely via UDP, effectively granting them full control over the device.
- CVE-2024-45275 (CVSS 9.8): Adding to the severity, the mbNET.mini contains hardcoded user accounts with default passwords, providing attackers with an easy avenue to compromise the device.
- CVE-2024-45271 (CVSS 8.4): The device is also exposed to local attackers. This vulnerability enables unauthorized privilege escalation through the deployment of a malicious configuration file.
- CVE-2024-45273 (CVSS 8.4): Weak encryption implementation allows attackers to decrypt the device’s configuration files, potentially exposing sensitive information and facilitating further attacks.
- CVE-2024-45276 (CVSS 7.5): Attackers can gain unauthorized read access to files stored in the “/tmp” directory, potentially leaking sensitive data.
Impact and Remediation:
The implications of these vulnerabilities are significant. Successful exploitation could lead to:
- Complete system takeover: Attackers could gain full control of the mbNET.mini and any connected industrial equipment.
- Data breaches: Sensitive operational data and configuration files could be stolen or manipulated.
- Disruption of operations: Attackers could disrupt industrial processes, leading to downtime and financial losses.
MB connect line has addressed these vulnerabilities in version 2.3.1 of the mbNET.mini firmware. Users are strongly urged to update their devices immediately to mitigate the risk of exploitation.
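A fleet triage check for the remediation above, as an added example that is not taken from the advisory or the vendor: it compares each device's reported firmware version against the fixed release 2.3.1 numerically and sets aside devices whose version cannot be read. The inventory entries, the dotted version-string format, and treating releases later than 2.3.1 as fixed are assumptions.

```python
import re

FIXED = (2, 3, 1)  # firmware release the article names as containing the fixes

# CVE IDs listed in the article
CVES = ["CVE-2024-45274", "CVE-2024-45275", "CVE-2024-45271",
        "CVE-2024-45273", "CVE-2024-45276"]

def parse_version(text):
    """Return a tuple of ints for a dotted version string, or None if unparseable.

    Assumes versions look like '2.3.1' or 'v2.3.1' (format not confirmed by the article).
    """
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+){0,3})\s*", text or "")
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    # Pad short versions ('2.3' -> 2.3.0) so tuple comparison is well defined.
    return parts + (0,) * (3 - len(parts))

def triage(inventory):
    """Sort (device, firmware) pairs into vulnerable / patched / unknown."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for device, firmware in inventory:
        version = parse_version(firmware)
        if version is None:
            result["unknown"].append(device)      # needs a manual check
        elif version < FIXED:                     # numeric, not string, comparison
            result["vulnerable"].append(device)
        else:
            result["patched"].append(device)      # assumes later releases keep the fixes
    return result

# Constructed inventory for illustration; names and versions are not real devices.
SAMPLE_INVENTORY = [
    ("press-line-01", "2.2.13"),
    ("packaging-02", "2.10.0"),   # a string compare would wrongly rank this below 2.3.1
    ("boiler-03", "v2.3.1"),
    ("pump-04", ""),              # version not reported
    ("mixer-05", "2.3"),
]

if __name__ == "__main__":
    report = triage(SAMPLE_INVENTORY)
    for device in report["vulnerable"]:
        print(f"{device}: update to 2.3.1 (exposed to {', '.join(CVES)})")
    for device in report["unknown"]:
        print(f"{device}: firmware version unknown, verify manually")
```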