Westermo, a Swedish manufacturer of telecommunications equipment, has released firmware updates for some models of its 3G and 4G wireless routers, fixing a number of dangerous vulnerabilities. The devices are widely used in commercial organizations, manufacturing plants and critical infrastructure facilities around the world.
The security problems, discovered by Qualys researcher Mandar Jadhav, affect the industrial Westermo MRD-305-DIN, MRD-315, MRD-355 and MRD-455 routers with firmware version up to 1.
While analyzing the firmware, Jadhav found hard-coded SSH and HTTPS certificates together with the corresponding private keys. With them, an attacker can intercept and decrypt traffic by carrying out a man-in-the-middle attack. If the traffic contains administrator credentials, the attacker can gain control of the device with elevated privileges. The vulnerability was assigned CVE-2017-5816 and was fixed in firmware version 1.
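A firmware audit can catch this class of flaw before release. The following added example (not code from Qualys or Westermo) scans firmware images for PEM-armoured private keys and reports any key that appears in more than one image; the image names and PEM bodies are constructed placeholders, the function names are hypothetical, and it assumes the keys are stored as PEM text.

```python
import base64
import hashlib
import re

# PEM armour: "-----BEGIN <label>-----" body "-----END <label>-----"
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.+?)\r?\n-----END \1-----", re.DOTALL)

def find_pem_blocks(image: bytes):
    """Return (offset, label, digest) for every PEM block in a firmware image."""
    blocks = []
    for m in PEM_RE.finditer(image):
        # Hash the body with whitespace removed so line wrapping does not matter.
        body = b"".join(m.group(2).split())
        blocks.append((m.start(), m.group(1).decode(), hashlib.sha256(body).hexdigest()))
    return blocks

def shared_private_keys(images: dict):
    """Map digest -> image names for private keys found in more than one image."""
    seen = {}
    for name, image in images.items():
        for _, label, digest in find_pem_blocks(image):
            if label.endswith("PRIVATE KEY"):
                seen.setdefault(digest, set()).add(name)
    return {d: sorted(names) for d, names in seen.items() if len(names) > 1}

def _fake_pem(label: bytes, payload: bytes) -> bytes:
    # Constructed placeholder: the body is base64 of a text string, not key material.
    return (b"-----BEGIN " + label + b"-----\n" + base64.b64encode(payload)
            + b"\n-----END " + label + b"-----\n")

KEY = _fake_pem(b"RSA PRIVATE KEY", b"constructed sample, not a real key")
CERT = _fake_pem(b"CERTIFICATE", b"constructed sample, not a real certificate")
UNIQUE = _fake_pem(b"EC PRIVATE KEY", b"constructed per-device sample")

# Constructed stand-ins for extracted firmware images (assumption: keys stored as PEM).
SAMPLE_IMAGES = {
    "unit-a.bin": b"\x00" * 64 + KEY + b"\xff" * 16 + CERT,
    "unit-b.bin": b"\x7fELF" + b"\x00" * 32 + CERT + KEY,
    "unit-c.bin": b"\x00" * 128 + UNIQUE,
}

if __name__ == "__main__":
    for name, image in SAMPLE_IMAGES.items():
        for offset, label, digest in find_pem_blocks(image):
            print(f"{name}: {label} at offset {offset}, sha256 {digest[:16]}")
    for digest, names in shared_private_keys(SAMPLE_IMAGES).items():
        print(f"SHARED private key {digest[:16]} in {', '.join(names)}")
```

A private key reported as shared between images built for different units is the condition described above: every device can be impersonated with the same key.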
Jadhav also discovered hard-coded credentials (user / user) for an undocumented account. The vulnerability, identified as CVE-2017-12709, allows an attacker to gain access to a device with limited privileges.
The third problem discovered by the researcher (CVE-2017-12703) is a CSRF vulnerability. With it, an attacker can perform various actions on behalf of an authorized user. Qualys researchers published simple proof-of-concept exploit code that reboots the system.