{"id":89313,"date":"2024-08-06T08:00:11","date_gmt":"2024-08-06T15:00:11","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?p=89313"},"modified":"2024-08-06T08:30:40","modified_gmt":"2024-08-06T15:30:40","slug":"firmware-vulnerabilities-run-rampant-in-cellular-routers","status":"publish","type":"post","link":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/","title":{"rendered":"Firmware Vulnerabilities Run Rampant in Cellular Routers"},"content":{"rendered":"<p>The current state of OT\/IOT security is being repainted with a new coat of risk. The shade of color? Cellular routers and the vulnerabilities within firmware.<\/p>\n<p>In our <a href=\"\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\">new report<\/a> with Finite State, our joint research explores the risks organizations face within the software supply chains of OT\/IoT routers.<\/p>\n<p>Hardware has firmware \u2013 operational software \u2013 within its memory components.<\/p>\n<p>Router vulnerabilities are hard to eliminate because firmware images frequently depend on outdated components for compatibility. The danger? Threat actors who can target many devices \u2013 and router locations \u2013 with a single exploit. When connected, these routers can be remotely monitored and controlled.<\/p>\n<p>A large hospital network may procure hundreds of these hardware assets connected between mobile, real-time monitoring and information sharing applications. A fleet management or logistics enterprise may have thousands of LTE 4G routers.<\/p>\n<p>As Forescout Research Vedere Labs has discovered, the depth of the firmware vulnerability problem is real. Last year, we examined a single hardware vendor with <a href=\"\/blog\/sierra21-supply-chain-vulnerabilities-iot-ot-routers\/\">21 new software component vulnerabilities<\/a>.<\/p>\n<div style=\"display: block; margin: 10px; border-top: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 10px;\">\n<h4>Rough Around the Edges: Top Router Firmware Vulnerabilities<\/h4>\n<p class=\"u-display-flex u-flex-wrap u-gap\"><a href=\"\/webinars\/rough-around-the-edges-webinar\/\"  title=\"Register For The Webinar\" class=\"c-btn c-btn--primary has-icon icon-camera icon-position-right has-icon-animation icon-animation-pulse\"><span class=\"cta-button-text\">Register For The Webinar<\/span><\/a> <a href=\"\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\"  title=\"GET The Full Report\" class=\"c-btn c-btn--primary c-btn--outline u-flex-auto u-flex-initial@sm u-justify-center u-justify-start@sm has-icon icon-arrow-right icon-position-right has-icon-animation icon-animation-fade-in\"><span class=\"cta-button-text\">GET The Full Report<\/span><\/a>\n<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-89318\" src=\"\/wp-content\/uploads\/2024\/08\/sierra-screenshot_1-1.jpg\" alt=\"\" width=\"2020\" height=\"600\" srcset=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/sierra-screenshot_1-1.jpg 2020w, https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/sierra-screenshot_1-1-300x89.jpg 300w, https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/sierra-screenshot_1-1-1024x304.jpg 1024w, https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/sierra-screenshot_1-1-768x228.jpg 768w, https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/sierra-screenshot_1-1-1536x456.jpg 1536w\" sizes=\"auto, (max-width: 2020px) 100vw, 2020px\" \/><\/p>\n<p>With this awareness, Vedere Labs has expanded its research with Finite State to answer these questions:<\/p>\n<ol>\n<li><strong>How severe are these firmware vulnerabilities across router vendors?<\/strong><\/li>\n<li><strong>Can we help develop a method to help expose vulnerabilities?<\/strong><\/li>\n<\/ol>\n<p>Instead of adding to the noise of threats and attack surfaces, we decided to shift focus towards existing vulnerabilities that are known and matter today.<\/p>\n<p>Today, we offer the results of the findings.<\/p>\n<h4>Included in this new research are:<\/h4>\n<ul>\n<li>The number of vulnerabilities discovered<\/li>\n<li>The number of Critical and High CVSS scores<\/li>\n<li>The number of \u2018n-day\u2019 vulnerabilities<\/li>\n<li>The average component age of firmware vs. the maximum age of the component<\/li>\n<li>The number of security findings by vendor component<\/li>\n<\/ul>\n<p><a href=\"\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\"><strong>Get the research<\/strong><\/a><\/p>\n<h3>Firmware Vulnerabilities: Why Would Attackers Target Cellular Routers?<\/h3>\n<p>The scope of cellular router use is deep within critical infrastructure and in industrial operations environments. There are more use cases than you might realize. State-sponsored hacktivists or financially motivated attackers will leverage any opening they find to disrupt or extort after taking control.<\/p>\n<p>These routers are essential to having reliable business operations. But when it comes to keeping these devices secure and up to date with the latest patches, things are amiss.<\/p>\n<p><a href=\"\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\">See how and why<\/a> \u2014 with all the data.<\/p>\n<p>Cellular routers are used widely in edge computing \u2013 especially in remote locations where internet performance needs to be robust. They provide internet access and network connectivity in scenarios where traditional wired connections may be impractical or unavailable. Some of these routers, such as LTE 4G routers, allow high-speed, high throughput data transfer\u00a0with precision.<\/p>\n<p>Picture a remote, rural electrical substation where an operator needs to test or fix equipment \u2013 and needs to report findings directly into a software system.<\/p>\n<p>They can also be used in incredibly busy environments \u2013 like a hospital or a transportation hub \u2013 where dependencies on having and relaying information are time sensitive and being on-the-go is essential. They provide fast operational processing for the user at their location.<\/p>\n<p>\u201cThe coverage and reliability afforded by cellular networks means that networked devices, industrial components, and appliances can send and receive data in volume for precision monitoring and control,\u201d explains <a href=\"https:\/\/www.data-alliance.net\/blog\/author\/george-hardesty\" target=\"_blank\" rel=\"noopener\">George Hardesty<\/a>, founder and president of Data Alliance in a \u201c<a href=\"https:\/\/www.data-alliance.net\/blog\/lte-4g-routers-guide\/\" target=\"_blank\" rel=\"noopener\">LTE \/ 4G Routers Guide<\/a>\u201d.<\/p>\n<h2>Common cellular router use cases<\/h2>\n<p><strong>Industrial and infrastructure-intense settings<\/strong><\/p>\n<ul>\n<li>Utility and grid intelligence with IoT devices for renewable and non-renewable environments \u2013 and smart metering<\/li>\n<li>Generators<\/li>\n<li>Lighting including critical, \u2018always on\u2019 airport runways and cell towers<\/li>\n<li>Industrial refrigeration<\/li>\n<li>Irrigation systems<\/li>\n<li>Sewage systems<\/li>\n<\/ul>\n<p><strong>Fleet management<\/strong><\/p>\n<ul>\n<li>Emergency police and fire departments<\/li>\n<li>School buses<\/li>\n<li>Vehicle telemetry<\/li>\n<li>Haulage and heavy goods vehicles<\/li>\n<\/ul>\n<p><strong>Physical security<\/strong><\/p>\n<ul>\n<li>Alarm-based property monitoring<\/li>\n<li>Sensor data from doors and windows<\/li>\n<\/ul>\n<p><strong>\u00a0<\/strong><\/p>\n<h2>Why SBOMs Are Critical to the Security of Routers<\/h2>\n<p>It\u2019s time-consuming work to understand <em>all<\/em> the elements inside these routers and how they behave. Finding all the intricate components used in common models of a specific class of assets is difficult at scale. Hence, the need for a Software Bill of Materials (SBOM) and the work of <a href=\"https:\/\/finitestate.io\/\" target=\"_blank\" rel=\"noopener\">Finite State<\/a>.<\/p>\n<p>Here is how we conducted this research:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-89265\" src=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/Rough-Around-the-Edges-Charts-Figure.png\" alt=\"\" width=\"1200\" height=\"655\" srcset=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/Rough-Around-the-Edges-Charts-Figure.png 1200w, https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/Rough-Around-the-Edges-Charts-Figure-300x164.png 300w, https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/Rough-Around-the-Edges-Charts-Figure-1024x559.png 1024w, https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/Rough-Around-the-Edges-Charts-Figure-768x419.png 768w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><\/p>\n<p>We applied this methodology to five popular OT\/IoT router vendors: Acksys, Digi, MDEX, Teltonika, and Unitronics. These vendors all produce firmware that hosts the vulnerabilities.<\/p>\n<h2>What We Discovered When Researching Firmware Vulnerabilities<\/h2>\n<h3>OpenWrt Is Everywhere<\/h3>\n<p>OpenWrt is a software that is used earlier on in the process of connecting critical devices to the network for remote control and monitoring. OpenWrt is used in the majority of router vendors, including four out of the five. However, this popular choice does not go without its faults. Our research found that the component <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-1389\" target=\"_blank\" rel=\"noopener\">CVE-2023-1389<\/a> in OpenWrt is frequently abused to deploy cyberattacks through a Mirai botnet variant.<\/p>\n<h3>Firmware Software Is Outdated<\/h3>\n<p>Between the five vendors, Vedere Labs found an average of 662 components and 2154 findings per firmware image including vulnerabilities, weak security postures and potential new vulnerabilities.<\/p>\n<ul>\n<li><strong>The average update is four years behind OpenWrt\u2019s latest release<\/strong><\/li>\n<li>The average open-source component is over five years behind<\/li>\n<li>All firmware images, except for Digi&#8217;s, rely on an unsupported version of OpenSSL<\/li>\n<\/ul>\n<h3>Custom Patches Are Incorrect or Insufficient<\/h3>\n<p>Vedere Labs found that vendors applying their own patches to known vulnerabilities sometimes introduced new issues or were incorrect patches altogether. Additionally, companies rarely produce public records or security advisories mentioning these patches, leading to additional vulnerabilities under the guise of newfound security.<\/p>\n<p>The full report includes a vulnerability ranking that summarizes Forescout\u2019s research by placing each company\u2019s firmware on a scale of low-medium-high-critical.<\/p>\n<p><strong><em><a href=\"\/webinars\/rough-around-the-edges-webinar\/\">Webinar: Learn more<\/a> with Daniel dos Santos, VP of Research, Vedere Labs and Larry Pesce, Product Security Research and Analysis Director, Finite State.<\/em><\/strong><\/p>\n<h2>How to Help Resolve Router Firmware Insecurity<\/h2>\n<p>This is a call to action. Router vendors and device manufacturers need to improve the information they provide to customers. This solution starts with SBOMs. Customers need support regarding device risk, detection and threat responses \u2013 and they need to be able to patch insecure firmware quickly.<\/p>\n<p>Risk mitigation in OT\/IoT requires a network-based, granular and dynamic asset inventory.<\/p>\n<p>SBOMs can be generated and provided by the device manufacturers or reconstructed from a firmware image, as we did with Finite State. However, <a href=\"https:\/\/www.darkreading.com\/ics-ot-security\/southern-company-builds-a-power-substation-sbom\" target=\"_blank\" rel=\"noopener\">most manufacturers still decline to provide SBOMs<\/a>.<\/p>\n<p>The process for fortifying the routers in OT\/IoT is laborious. To help better secure these firmware vulnerabilities, router manufacturers should provide detailed SBOMs to customers. SBOMs would give customers a platform of better information to better support vulnerability management.<\/p>\n<p>Major governing bodies, including CISA, published important guidance on SBOMs last November. Be sure to read: \u201c<a href=\"https:\/\/media.defense.gov\/2023\/Nov\/09\/2003338086\/-1\/-1\/0\/SECURING%20THE%20SOFTWARE%20SUPPLY%20CHAIN%20RECOMMENDED%20PRACTICES%20FOR%20SOFTWARE%20BILL%20OF%20MATERIALS%20CONSUMPTION.PDF\" target=\"_blank\" rel=\"noreferrer noopener\">Securing the Software of Supply Chain: Recommended Practices for Software Bill of Materials Consumption<\/a>.\u201d<\/p>\n<p>As discussed in our recent <a href=\"\/resources\/2024-riskiest-connected-devices\/\">Riskiest Connected Devices<\/a> report, asset risk should include information about the configuration, behavior and function of a device. It&#8217;s not enough to know that a vulnerability exists. It is important to understand whether those vulnerabilities can be exploited based on the device\u2019s configuration and behavior is essential for assessing and mitigating risk.<\/p>\n<p>Thank you to <a href=\"https:\/\/finitestate.io\/\" target=\"_blank\" rel=\"noopener\">Finite State<\/a> for your excellent help and your accurate and detailed SBOM data. We are proud to have worked with you on this report.<\/p>\n<p>Finite State is a leading vendor of Software Bill of Materials (SBOM). These SBOMs provide ingredient lists of the components in a software, allowing security teams and researchers to understand and analyze software components.<\/p>\n<div style=\"display: block; margin: 10px; border-top: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC; padding: 10px;\">\n<h4>Rough Around the Edges: Top Router Firmware Vulnerabilities<\/h4>\n<p class=\"u-display-flex u-flex-wrap u-gap\"><a href=\"\/webinars\/rough-around-the-edges-webinar\/\"  title=\"Register For The Webinar\" class=\"c-btn c-btn--primary has-icon icon-camera icon-position-right has-icon-animation icon-animation-pulse\"><span class=\"cta-button-text\">Register For The Webinar<\/span><\/a> <a href=\"\/research-labs\/ot-iot-routers-in-the-software-supply-chain\/\"  title=\"GET The Full Report\" class=\"c-btn c-btn--primary c-btn--outline u-flex-auto u-flex-initial@sm u-justify-center u-justify-start@sm has-icon icon-arrow-right icon-position-right has-icon-animation icon-animation-fade-in\"><span class=\"cta-button-text\">GET The Full Report<\/span><\/a>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The current state of OT\/IOT security is being repainted with a new coat of risk. The shade of color? Cellular routers and the vulnerabilities within firmware. In our new report with Finite State, our joint research explores the risks organizations face within the software supply chains of OT\/IoT routers. Hardware has firmware \u2013 operational software [&hellip;]<\/p>\n","protected":false},"author":124,"featured_media":89354,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"ep_exclude_from_search":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[562,540],"tags":[],"coauthors":[542],"class_list":["post-89313","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-views","category-research-and-cyber-alerts"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Firmware Vulnerabilities Run Rampant in Cellular Routers - Forescout<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Firmware Vulnerabilities Run Rampant in Cellular Routers - Forescout\" \/>\n<meta property=\"og:description\" content=\"The current state of OT\/IOT security is being repainted with a new coat of risk. The shade of color? Cellular routers and the vulnerabilities within firmware. In our new report with Finite State, our joint research explores the risks organizations face within the software supply chains of OT\/IoT routers. Hardware has firmware \u2013 operational software [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/\" \/>\n<meta property=\"og:site_name\" content=\"Forescout\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForescoutTechnologies\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-06T15:00:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-06T15:30:40+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"419\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Forescout Research - Vedere Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Forescout\" \/>\n<meta name=\"twitter:site\" content=\"@Forescout\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/\"},\"author\":{\"name\":\"Forescout Research - Vedere Labs\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984\"},\"headline\":\"Firmware Vulnerabilities Run Rampant in Cellular Routers\",\"datePublished\":\"2024-08-06T15:00:11+00:00\",\"dateModified\":\"2024-08-06T15:30:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/\"},\"wordCount\":1337,\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg\",\"articleSection\":[\"News &amp; Views\",\"Research &amp; Cyber Alerts\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/\",\"url\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/\",\"name\":\"Firmware Vulnerabilities Run Rampant in Cellular Routers - Forescout\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg\",\"datePublished\":\"2024-08-06T15:00:11+00:00\",\"dateModified\":\"2024-08-06T15:30:40+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#primaryimage\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg\",\"width\":800,\"height\":419},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.forescout.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Firmware Vulnerabilities Run Rampant in Cellular Routers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.forescout.com\/#website\",\"url\":\"https:\/\/www.forescout.com\/\",\"name\":\"Forescout\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.forescout.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.forescout.com\/#organization\",\"name\":\"Forescout Technologies, Inc.\",\"url\":\"https:\/\/www.forescout.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Forescout Technologies, Inc.\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ForescoutTechnologies\",\"https:\/\/x.com\/Forescout\",\"https:\/\/www.instagram.com\/forescouttechnologies\/\",\"https:\/\/www.linkedin.com\/company\/forescout-technologies\",\"https:\/\/www.youtube.com\/user\/forescout1\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984\",\"name\":\"Forescout Research - Vedere Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/image\/b4c8db5600adef8fa1a89cc86e15c781\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g\",\"caption\":\"Forescout Research - Vedere Labs\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Firmware Vulnerabilities Run Rampant in Cellular Routers - Forescout","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/","og_locale":"en_US","og_type":"article","og_title":"Firmware Vulnerabilities Run Rampant in Cellular Routers - Forescout","og_description":"The current state of OT\/IOT security is being repainted with a new coat of risk. The shade of color? Cellular routers and the vulnerabilities within firmware. In our new report with Finite State, our joint research explores the risks organizations face within the software supply chains of OT\/IoT routers. Hardware has firmware \u2013 operational software [&hellip;]","og_url":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/","og_site_name":"Forescout","article_publisher":"https:\/\/www.facebook.com\/ForescoutTechnologies","article_published_time":"2024-08-06T15:00:11+00:00","article_modified_time":"2024-08-06T15:30:40+00:00","og_image":[{"width":800,"height":419,"url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg","type":"image\/jpeg"}],"author":"Forescout Research - Vedere Labs","twitter_card":"summary_large_image","twitter_creator":"@Forescout","twitter_site":"@Forescout","twitter_misc":{"Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#article","isPartOf":{"@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/"},"author":{"name":"Forescout Research - Vedere Labs","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984"},"headline":"Firmware Vulnerabilities Run Rampant in Cellular Routers","datePublished":"2024-08-06T15:00:11+00:00","dateModified":"2024-08-06T15:30:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/"},"wordCount":1337,"publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg","articleSection":["News &amp; Views","Research &amp; Cyber Alerts"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/","url":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/","name":"Firmware Vulnerabilities Run Rampant in Cellular Routers - Forescout","isPartOf":{"@id":"https:\/\/www.forescout.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#primaryimage"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg","datePublished":"2024-08-06T15:00:11+00:00","dateModified":"2024-08-06T15:30:40+00:00","breadcrumb":{"@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#primaryimage","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg","width":800,"height":419},{"@type":"BreadcrumbList","@id":"https:\/\/www.forescout.com\/blog\/firmware-vulnerabilities-run-rampant-in-cellular-routers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.forescout.com\/"},{"@type":"ListItem","position":2,"name":"Firmware Vulnerabilities Run Rampant in Cellular Routers"}]},{"@type":"WebSite","@id":"https:\/\/www.forescout.com\/#website","url":"https:\/\/www.forescout.com\/","name":"Forescout","description":"","publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.forescout.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.forescout.com\/#organization","name":"Forescout Technologies, Inc.","url":"https:\/\/www.forescout.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","width":1,"height":1,"caption":"Forescout Technologies, Inc."},"image":{"@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForescoutTechnologies","https:\/\/x.com\/Forescout","https:\/\/www.instagram.com\/forescouttechnologies\/","https:\/\/www.linkedin.com\/company\/forescout-technologies","https:\/\/www.youtube.com\/user\/forescout1"]},{"@type":"Person","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984","name":"Forescout Research - Vedere Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/image\/b4c8db5600adef8fa1a89cc86e15c781","url":"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g","caption":"Forescout Research - Vedere Labs"}}]}},"featured_media_url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2024\/08\/FS-2024-Firmware-Vulnerabilities-Share-v1.jpg","is_file":false,"excerpt_manually_set":false,"_links":{"self":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/89313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/users\/124"}],"replies":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/comments?post=89313"}],"version-history":[{"count":0,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/89313\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media\/89354"}],"wp:attachment":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media?parent=89313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/categories?post=89313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/tags?post=89313"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/coauthors?post=89313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}