LOYTEC Fixes Router Vulnerability

Tuesday, December 8, 2015 @ 05:12 PM gHale

LOYTEC produced a firmware update to mitigate a password file vulnerability in its LIP-3ECTB routers, according to a report on ICS-CERT.

This vulnerability, discovered by Independent researcher Maxim Rupp, is remotely exploitable.

Holes Filled in Advantech ICS Gateways
SearchBlox Fixes File Exfiltration Issue
Honeywell Fixes Gas Detector Holes
Saia Burgess Controls Fixes Hole

The following LOYTEC routers suffer from the issue:
• LIP-3ECTB Version 6.0.1
• LINX-100
• LVIS-3E100
• LIP-ME201

A backup file containing hashes of users’ passwords can end up downloaded.

LOYTEC’s headquarters is in Germany and the company has distributors in the U.S. and France.

The affected product, LIP-3ECTB, is an IP network router device. This router sees action in the critical manufacturing and energy sectors. LOYTEC sees use on a global basis.

A backup file can end up downloaded that contains the hash for users’ passwords.

CVE-2015-7906 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.1.

No known public exploits specifically target this vulnerability. Crafting a working exploit for this vulnerability would not be difficult. An attacker with a low skill would be able to exploit this vulnerability.

LOYTEC has released a firmware update, V6.02, for these routers. LOYTEC recommends customers update to the new firmware update, V6.02.