CVE-2022-29730

9.8 CRITICAL

📋 TL;DR

USR IOT 4G LTE Industrial Cellular VPN Router firmware v1.0.36 contains hard-coded credentials for its administrative (highest-privileged) account, and those credentials cannot be changed through the device's normal configuration interface. Anyone who knows the credentials and can reach the management interface gains full administrative control of the router. Organizations operating these industrial VPN routers on the affected firmware are exposed.

💻 Affected Systems

Products:
  • USR IOT 4G LTE Industrial Cellular VPN Router
Versions: v1.0.36
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running the affected firmware version are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of industrial network infrastructure, allowing attackers to intercept VPN traffic, modify router configurations, pivot to internal networks, and disrupt industrial operations.

🟠

Likely Case

Unauthorized administrative access leading to network reconnaissance, data interception, and potential lateral movement into connected industrial control systems.

🟢

If Mitigated

Reduced exposure if the management interface is reachable only from a small set of trusted hosts behind a firewall with strict segmentation. The hard-coded credentials still work from any host that can reach the interface, so segmentation limits who can exploit the flaw, not whether it is exploitable.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Hard-coded credentials are publicly documented, so exploitation is trivial for anyone with network access to the router's management interface; no memory corruption or timing is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor: https://www.pusr.com/ (vendor site; no dedicated advisory for this CVE is linked on this page)

Restart Required: Not applicable (no patch identified)

Instructions:

No official patch is available. Contact the vendor for updated firmware or mitigation guidance, and treat any firmware they supply as fixed only after confirming the hard-coded account is no longer accepted (see How to Verify).

🔧 Temporary Workarounds

Network Segmentation

Applies to: all affected devices

Isolate affected routers in dedicated network segments with strict firewall rules that block external access to the management interface (web UI, SSH, and any remote-management port). Enforce this on an upstream firewall rather than on the router alone: an attacker holding the hard-coded credentials can undo router-side rules.

Access Control Lists

Applies to: all affected devices

Implement network ACLs to restrict administrative access to trusted IP addresses only. The credentials still work from every host the ACL permits, so keep the trusted set small and monitor logins from those hosts as well.

🧯 If You Can't Patch

  • Replace affected routers with different models that don't have hard-coded credentials
  • Implement network monitoring and intrusion detection specifically for router administrative access attempts

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version via the web interface or CLI. If the version is 1.0.36, the device is vulnerable. Earlier versions are not listed on this page; treat them as unverified rather than safe until the vendor confirms otherwise.

Check Version:

Check via web interface at http://[router-ip]/ or SSH to device and check firmware version

Verify Fix Applied:

Verify firmware has been updated to a version later than 1.0.36, or test that hard-coded credentials no longer work.
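The version check and the "credentials no longer work" test above, as an added helper script that is not part of this advisory or of the vendor's software. The version classification follows the advisory's own statements (1.0.36 is affected, a later version is the target state, earlier versions are unlisted). The login probe assumes the web UI honours HTTP Basic auth on the URL you pass; that is an assumption about the device, not something this page documents. The credentials are supplied by the operator, since this page does not reproduce them.

```python
import base64
import urllib.error
import urllib.request

# The only firmware version this advisory lists as affected.
AFFECTED_VERSION = (1, 0, 36)


def parse_version(text):
    """Turn '1.0.36' or 'v1.0.36' into a tuple of ints that compares naturally."""
    text = text.strip().lstrip("vV")
    return tuple(int(part) for part in text.split("."))


def classify_version(text):
    """Map a firmware version string onto the advisory's guidance."""
    version = parse_version(text)
    if version == AFFECTED_VERSION:
        return "vulnerable"
    if version > AFFECTED_VERSION:
        # The advisory says to verify an update to a version later than 1.0.36.
        return "later-than-affected"
    # Not listed on the page: do not assume it is safe.
    return "earlier-than-affected-unverified"


def credentials_accepted(status_code):
    """Interpret the HTTP status of an authenticated request to the admin UI."""
    if 200 <= status_code < 300:
        return True
    if status_code in (401, 403):
        return False
    raise ValueError(f"unexpected HTTP status {status_code}; inspect manually")


def probe_admin_login(base_url, username, password, timeout=5.0):
    """Try operator-supplied credentials against the router web UI.

    ASSUMPTION: the UI accepts HTTP Basic auth on base_url. Many embedded UIs
    use a form login instead; if so, adapt this to POST the login form and
    keep credentials_accepted() as the decision step.
    Returns True if the credentials are accepted, False if rejected.
    """
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    request = urllib.request.Request(
        base_url, headers={"Authorization": f"Basic {token}"}
    )
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return credentials_accepted(response.status)
    except urllib.error.HTTPError as exc:
        return credentials_accepted(exc.code)


if __name__ == "__main__":
    import argparse

    parser = argparse.ArgumentParser(description="CVE-2022-29730 verification helper")
    parser.add_argument("version", help="firmware version shown by the router, e.g. 1.0.36")
    parser.add_argument("--probe", nargs=3, metavar=("URL", "USER", "PASS"),
                        help="also test whether URL accepts USER:PASS via HTTP Basic auth")
    args = parser.parse_args()

    print(f"firmware {args.version}: {classify_version(args.version)}")
    if args.probe:
        url, user, password = args.probe
        accepted = probe_admin_login(url, user, password)
        print(f"credentials {'ACCEPTED' if accepted else 'rejected'} by {url}")
```

Run it against the version string from the web UI first; only run the probe from a host that is already permitted to reach the management interface, and record the result as part of the change ticket so that a later firmware update can be checked the same way.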

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts followed by a successful login to the hard-coded administrative account from the same source
  • Administrative configuration changes from unexpected sources

Network Indicators:

  • Administrative access to router from unauthorized IP addresses
  • Unusual VPN tunnel establishment patterns

SIEM Query:

source_ip=* AND destination_ip=[router-ip] AND (event_type="authentication_success" OR event_type="configuration_change")

(Generic pseudo-syntax: map event_type and the IP fields to your SIEM's schema, and exclude your trusted administrative hosts from source_ip so that only unexpected sessions alert.)
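The log and network indicators above, as an added detection script that is not part of this advisory. The log format is constructed for the example (a key=value syslog style that this page does not document for the real device) and the trusted administrative network is an assumed value; adapt the regex and the allowlist to what your routers and SIEM actually see. It flags a successful login preceded by failures from the same source, any administrative login from outside the trusted network, and any configuration change from outside it.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an ASSUMED key=value syslog format.
SAMPLE_LOGS = """\
2024-03-04T10:00:01Z rtr-plant1 auth: user=admin src=10.20.0.5 result=success
2024-03-04T10:05:10Z rtr-plant1 auth: user=admin src=203.0.113.45 result=fail
2024-03-04T10:05:12Z rtr-plant1 auth: user=admin src=203.0.113.45 result=fail
2024-03-04T10:05:15Z rtr-plant1 auth: user=admin src=203.0.113.45 result=success
2024-03-04T10:06:00Z rtr-plant1 config: user=admin src=203.0.113.45 action=change section=vpn
2024-03-04T11:00:00Z rtr-plant1 config: user=admin src=10.20.0.5 action=change section=wan
"""

# ASSUMED allowlist of hosts permitted to administer the routers.
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kind>auth|config): (?P<kv>.*)$")


def parse_line(line):
    """Parse one event into a dict, or return None for lines we do not understand."""
    match = LINE_RE.match(line)
    if not match:
        return None
    fields = dict(item.split("=", 1) for item in match.group("kv").split())
    return {
        "ts": datetime.strptime(match.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
        "host": match.group("host"),
        "kind": match.group("kind"),
        **fields,
    }


def is_trusted(ip_text):
    address = ipaddress.ip_address(ip_text)
    return any(address in net for net in TRUSTED_ADMIN_NETS)


def detect(lines, fail_threshold=2, window=timedelta(minutes=5)):
    """Return alerts, in log order, for the three indicators named in the advisory."""
    alerts = []
    recent_fails = defaultdict(list)  # (host, src) -> timestamps of failed logins

    def alert(event, rule, detail):
        alerts.append({"ts": event["ts"], "host": event["host"],
                       "src": event["src"], "rule": rule, "detail": detail})

    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        key = (event["host"], event["src"])

        if event["kind"] == "auth":
            if event["result"] == "fail":
                recent_fails[key].append(event["ts"])
                continue
            if event["result"] == "success":
                # Failures followed by success from the same source: guessing or
                # an operator trying several accounts before the hard-coded one.
                fails = [t for t in recent_fails[key] if event["ts"] - t <= window]
                if len(fails) >= fail_threshold:
                    alert(event, "success-after-failures",
                          f"{len(fails)} failed logins within {window}")
                recent_fails[key].clear()
                if not is_trusted(event["src"]):
                    alert(event, "admin-login-untrusted-source",
                          "successful administrative login from outside trusted nets")
        elif event["kind"] == "config" and not is_trusted(event["src"]):
            alert(event, "config-change-untrusted-source",
                  f"configuration change to section={event.get('section', '?')}")
    return alerts


if __name__ == "__main__":
    for item in detect(SAMPLE_LOGS.splitlines()):
        print(f"{item['ts'].isoformat()} {item['host']} src={item['src']} "
              f"{item['rule']}: {item['detail']}")
```

On the constructed sample the trusted host at 10.20.0.5 produces no alerts, while the session from 203.0.113.45 produces three: the success after two failures, the login from an untrusted source, and the VPN configuration change that follows it. Because the hard-coded account cannot be disabled, the untrusted-source rules are the ones that matter most; tune the allowlist rather than the failure threshold.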
