Sierra Wireless, a Canadian company specializing in industrial web connectivity solutions, has recently come under scrutiny due to security concerns. Security experts have identified approximately 21 vulnerabilities in the software of its routers, such as OpenDNS and TinyXML. These vulnerabilities pose a significant risk of exposing or may have already exposed nearly 87,000+ routers across various sectors, including healthcare, waste management, retail, emergency services, and vehicle tracking, to potential cyber-attacks.
Termed as “Sierra:21” by security experts, the flaws in Sierra Wireless AirLink Cellular Routers have been addressed through a software update. However, the company anticipates that the complete rollout may take some time, depending on when router administrators across different sectors become aware of the situation and apply the necessary updates.
It is noteworthy that a majority of the affected 5G dual wireless routers are predominantly deployed in Western nations, such as the United States, Canada, France, Australia, and Thailand.
According to studies, these router vulnerabilities could enable hackers to steal data and gain control of the router, allowing them to inject malicious code. Furthermore, these vulnerabilities make the devices potential entry points into critical networks. Additionally, the low power wide area devices can be exploited by hackers to function as bots for launching Distributed Denial of Service (DDoS) attacks, causing crashes in management software, or initiating man-in-the-middle attacks.
It’s worth mentioning that in August 2020, Semtech Corporation, a semiconductor manufacturer based in California, announced the acquisition of Sierra Wireless. The deal, valued at USD $1.2 billion, was successfully closed in January 2023.