InHand Router Flaws Could Expose Many Industrial Companies to Remote Attacks


The flaws were discovered nearly one year ago by researchers at industrial cybersecurity firm OTORIO in IR615 LTE routers made by industrial IoT solutions provider InHand Networks. The company has offices in China, the U.S. and Germany, and its products are used all around the world. InHand says its customers include Siemens, GE Healthcare, Coca Cola, Philips Healthcare and other major companies.

InHand industrial router vulnerabilitiesAccording to an advisory published last week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), OTORIO researchers discovered a total of 13 vulnerabilities in the IR615 router.

The list includes critical cross-site request forgery (CSRF), remote code execution, command injection, and weak password policy issues, as well as high-severity improper authorization and cross-site scripting (XSS) vulnerabilities.