Multiple Westermo Routers are prone to the following security vulnerabilities:
1. A hard-coded credentials vulnerability
2. A cross-site request forgery vulnerability
3. A hard-coded cryptographic key vulnerability
Attackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic.
Information
CVE-2017-12709
CVE-2017-12703
CVE-2016-5816
Westermo MRD-355 1.7.5.0
Westermo MRD-315 1.7.5.0
Westermo MRD-305-DIN 1.7.5.0
Westermo MRD-355 1.7.7.0
Westermo MRD-315 1.7.7.0
Westermo MRD-305-DIN 1.7.7.0
Exploit
Attackers can use readily available tools to exploit these issues.
References: