{"id":16939,"date":"2023-02-06T20:33:18","date_gmt":"2023-02-06T19:33:18","guid":{"rendered":"https:\/\/www.show.it\/critical-baicells-device-vulnerability-can-expose-telecoms-networks-to-snooping\/"},"modified":"2023-02-06T20:33:18","modified_gmt":"2023-02-06T19:33:18","slug":"critical-baicells-device-vulnerability-can-expose-telecoms-networks-to-snooping","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/critical-baicells-device-vulnerability-can-expose-telecoms-networks-to-snooping\/","title":{"rendered":"Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping"},"content":{"rendered":"<p><strong>A critical vulnerability affecting wireless communication base stations from Baicells Technologies can be exploited to cause disruption in telecom networks or take complete control of data and voice traffic, according to a researcher.<\/strong><\/p>\n<p>Baicells Technologies is a US-based telecommunications equipment provider for 4G and 5G networks. The company says more than 100,000 of its base stations are deployed across 64 countries around the world.\u00a0<\/p>\n<p>Cyber offensive researcher <a href=\"https:\/\/www.linkedin.com\/in\/rustam-amin-b20aa616b\/\" target=\"_blank\" rel=\"noreferrer noopener\">Rustam Amin <\/a>discovered that at least some of Baicells\u2019 Nova base station products are affected by a critical command injection vulnerability that can be exploited remotely without authentication by sending specially crafted HTTP requests to the targeted device.<\/p>\n<p>Exploitation of the vulnerability, tracked as CVE-2023-24508, can allow an attacker to run shell commands with root privileges and take complete control of a device, Amin told SecurityWeek.\u00a0<\/p>\n<p>The researcher explained that an attacker could, for instance, easily shut down a device to cause disruption. In addition, they could take full control over the traffic and phone calls going over a targeted network. 
A hacker could obtain information such as phone numbers, IMEI, and location data.\u00a0<\/p>\n<p>However, conducting such an attack is not an easy task and it requires specific knowledge of the targeted network.\u00a0<\/p>\n<p>Amin told SecurityWeek that there are more than 1,150 devices exposed to the internet, mostly located in the United States.\u00a0<\/p>\n<p>Baicells published an <a href=\"https:\/\/baicells.zendesk.com\/hc\/en-us\/articles\/12646638253716\" target=\"_blank\" rel=\"noreferrer noopener\">advisory<\/a> to inform customers about the vulnerability on January 24. The researcher said the vendor was quick to respond to his notification and quick to issue a patch.\u00a0<\/p>\n<p>Nova 227, 233, 243 and 246 base stations are affected. The security hole has been patched with the release of version 3.7.11.3.<\/p>\n<p>The vendor\u2019s advisory only mentions Nova products as being impacted, but the researcher believes other products could be impacted as well.\u00a0<\/p>\n<p>The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory last week to <a href=\"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-23-033-03\" target=\"_blank\" rel=\"noreferrer noopener\">inform organizations about CVE-2023-24508<\/a>.<\/p>\n<p>Amin recently also discovered serious vulnerabilities in Econolite EOS traffic controller software, which can be <a href=\"https:\/\/www.securityweek.com\/unpatched-econolite-traffic-controller-vulnerabilities-allow-remote-hacking\/\" target=\"_blank\" rel=\"noreferrer noopener\">exploited to control traffic lights<\/a>.<\/p>\n<p><strong>Related: <\/strong><a href=\"https:\/\/www.securityweek.com\/ot-security-firm-warns-safety-risks-posed-alerton-building-system-vulnerabilities\/\">OT Security Firm Warns of Safety Risks Posed by Alerton Building System Vulnerabilities<\/a><\/p>\n<p><strong>Related: <\/strong><a href=\"https:\/\/www.securityweek.com\/us-details-chinese-attacks-against-telecoms-providers\/\">US 
Details Chinese Attacks Against Telecoms Providers<\/a><\/p>\n<p><strong>Related: <\/strong><a href=\"https:\/\/www.securityweek.com\/cisco-patches-high-severity-vulnerabilities-communications-networking-products\/\">Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products<\/a><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.securityweek.com\/critical-baicells-device-vulnerability-can-expose-telecoms-networks-to-snooping\/\">Critical Baicells Device Vulnerability Can Expose Telecoms Networks to Snooping<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.securityweek.com\/\">SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A critical vulnerability affecting wireless communication base stations from Baicells Technologies can be exploited to cause disruption in telecom networks or take complete control of data and voice traffic, according to a researcher. Baicells Technologies is a US-based telecommunications equipment provider for 4G and 5G networks. 
The company says more than 100,000 of its base [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16940,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[48,199,23],"tags":[],"class_list":["post-16939","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mobile-wireless","category-telecoms","category-vulnerabilities"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16939","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16939"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16939\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16940"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16939"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16939"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16939"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}