Nine vulnerabilities have recently been discovered in Robustel’s R1510 dual-ethernet port router by the Cisco Talos team. These vulnerabilities can cause issues could allow for attackers to inject system code remotely, remove arbitrary files, and crash the webserver. The first five, TALOS-2022-1578 (CVE-2022-34850), TALOS-2022-1577 (CVE-2022-33150), TALOS-2022-1576 (CVE-2022-32765), TALOS-2022-1573 (CVE-2022-33325 – CVE-2022-33329), TALOS-2022-1572 (CVE-2022-33312 – CVE-2022-33314) are all system code injection vulnerabilities and have a severity score of 9.1 out of 10. TALOS-2022-1580 (CVE-2022-34845) and TALOS-2022-1570 (CVE-2022-32585) both could also lead to arbitrary code execution but require admin login. The last two, TALOS-2022-1575 (CVE-2022-35261 – CVE-2022-35271 and TALOS-2022-1571 (CVE-2022-28127) are the denial-of-service and arbitrary file removal vulnerabilities.
Analyst Notes
Robustel and Cisco have worked together to put out an update that will mitigate these issues. It is advised that any Robustel R1510 routers using version 3.3.0 and 3.1.16 are updated immediately. A list of SNORT rules has also been released, those include, 60007 – 60035, 60388-60391, 60393 and 6045. It is possible these rules may change, or additional rules may be added moving forward.
https://blog.talosintelligence.com/2022/10/vuln-spotlight-robustel-router.html
