I-O DATA Routers Under Attack: Urgent Firmware Update Needed!
Multiple vulnerabilities have been discovered in I-O DATA routers UD-LT1 and UD-LT1/EX, and active exploitation is already underway. JPCERT/CC, a Japanese cybersecurity organization, issued a warning that these vulnerabilities leave devices open to serious attacks, including credential theft, command execution, and complete firewall bypass.
“The developer states that attacks exploiting these vulnerabilities have been observed,” warns JPCERT/CC in its official vulnerability note. This means malicious actors are already aware of these weaknesses and are actively using them to compromise vulnerable routers.
What are the vulnerabilities?
The vulnerabilities affect firmware versions 2.1.8 and earlier and include:
- CVE-2024-45841: An attacker with guest account access can exploit this flaw to steal credentials. JPCERT/CC explains, “If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained.”
- CVE-2024-47133: This vulnerability allows a user who is logged in with an administrator account to execute arbitrary OS commands, potentially granting an attacker who holds such access full control of the device.
- CVE-2024-52564: This is the most serious vulnerability, allowing a remote attacker to disable the firewall and execute commands or change device settings. JPCERT/CC warns, “A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.”
What should you do?
I-O DATA has already released firmware version 2.1.9 to address CVE-2024-52564. Users of affected routers should update their firmware immediately. Updates for CVE-2024-45841 and CVE-2024-47133 are expected around December 18, 2024. In the meantime, I-O DATA recommends checking and modifying router settings as a temporary workaround.
Outdated firmware can contain critical security flaws that leave your network vulnerable to attack. Always check for updates regularly and install them as soon as they become available. For detailed information and specific instructions, refer to the official advisory from I-O DATA.