USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor

Posted on 21 April 2022

The USR IOT industrial router is vulnerable to hard-coded credentials within its Linux distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. Affected versions include 1.0.36 and 1.2.7.