Three vulnerabilities found in a variety of Korenix JetWave industrial access points and LTE cellular gateways may allow attackers to either disrupt their operation or to use them as a foothold for further attacks, CyberDanube researchers have found.
“If such a device is acting as key device in an industrial network, or controls various critical equipment via serial ports, more extensive damage in the corresponding network can be done by an attacker,” the researchers noted.
The vulnerabilities, which have yet to be assigned CVE numbers, include:
- Two command injection flaws in the devices’ web server
- One vulnerability that could be triggered to achieve denial of web service
All three vulnerabilities require attackers to authenticate before launching an exploit.
