Sierra Wireless has issued urgent guidance on its popular Sierra Wireless AirLink ES450 LTE router and its ALEOS software (used by a further 11 hardware products manufactured by the company) which create problematic flaws when used with Internet of Things products – like Alexa speakers.
These critical flaws caused Sierra Wireless to rush out a series of patch updates to help fix these critical issues.
According to Threat Post:
“Sierra Wireless’ LTE AirLink routers are targeted toward embedded applications like transmitting data for fleets of vehicles (for example, in law enforcement settings, the routers collect data on whether a police car has engaged its lights and siren) and industrial machines (tracking the location of heavy equipment and assets for instance). ALEOS is the software powering these in-field devices, which enables users to collect and view data in real time.
Overall, the company patched seven vulnerabilities – including two critical flaws, and five medium-severity vulnerabilities stemming from the ALEOS software on the AirLink routers: “Successful exploitation of these vulnerabilities could allow attackers to remotely execute code, discover user credentials, upload files, or discover file paths,” according to a Thursday advisory.”