### #RouterExploits #FirmwareFlaws #IOTSecurity
Summary: Recent vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX have been identified, with active exploitation already reported. JPCERT/CC warns that these flaws could lead to serious security breaches, including credential theft and unauthorized command execution.
Threat Actor: Malicious Actors
Victim: I-O DATA Router Users
Key Points:
- Multiple vulnerabilities affect firmware versions 2.1.8 and earlier, with active exploitation reported.
- CVE-2024-45841 allows credential theft via guest account access to specific files.
- CVE-2024-47133 enables logged-in administrators to execute arbitrary OS commands.
- CVE-2024-52564 permits remote attackers to disable firewalls and execute commands, posing a significant threat.
- Firmware version 2.1.9 is available to address CVE-2024-52564; users should update immediately.
- Further updates for CVE-2024-45841 and CVE-2024-47133 are expected by December 18, 2024.
- Users are advised to check and modify router settings as a temporary workaround until updates are available.
Multiple vulnerabilities have been discovered in I-O DATA routers UD-LT1 and UD-LT1/EX, and active exploitation is already underway. JPCERT/CC, a Japanese cybersecurity organization, issued a warning that these vulnerabilities leave devices open to serious attacks, including credential theft, command execution, and complete firewall bypass.
“The developer states that attacks exploiting these vulnerabilities have been observed,” warns JPCERT/CC in their official vulnerability note. This means malicious actors are already aware of these weaknesses and actively using them to compromise vulnerable routers.
What are the vulnerabilities?
The vulnerabilities affect firmware versions 2.1.8 and earlier and include:
- CVE-2024-45841: An attacker with guest account access can exploit this flaw to steal credentials. JPCERT/CC explains, “If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained.”
- CVE-2024-47133: This vulnerability allows a logged-in administrator to execute arbitrary OS commands, potentially granting an attacker full control of the device.
- CVE-2024-52564: This is the most serious vulnerability, allowing a remote attacker to disable the firewall and execute commands or change device settings. JPCERT/CC warns, “A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.”
What should you do?
I-O DATA has already released firmware version 2.1.9 to address CVE-2024-52564. Users of affected routers should update their firmware immediately. Updates for CVE-2024-45841 and CVE-2024-47133 are expected around December 18, 2024. In the meantime, I-O DATA recommends checking and modifying router settings as a temporary workaround.
Outdated firmware can contain critical security flaws that leave your network vulnerable to attack. Always check for updates regularly and install them as soon as they become available. For detailed information and specific instructions, refer to the official advisory from I-O DATA.
Source: https://securityonline.info/i-o-data-routers-under-attack-urgent-firmware-update-needed