Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Open Network Demarcation Service (OpenNDS)
Alerts

Critical Vulnerability in Open Network Demarcation Service (OpenNDS)

7 December 2023

OpenNDS has released security updates addressing a critical vulnerability (CVE-2023-41101) in their OpenNDS product, a service providing a border control gateway between a public local area network and the Internet. The vulnerability has a Common Vulnerability Scoring System (CVSS) score of 9.8 out of 10 and affects a variety of products utilising its service, such as Sierra Wireless Airlink cellular routers.

Successful exploitation of the vulnerability could allow an unauthenticated remote attacker to perform remote code execution.

The vulnerability affects all OpenNDS versions before 10.1.3.

Users and administrators of affected products using vulnerable versions of OpenNDS are advised to update to the latest versions immediately or as soon as they are released. 

More information is available here: 

https://github.com/advisories/GHSA-75j8-mr4c-4x59

https://www.forescout.com/blog/sierra21-supply-chain-vulnerabilities-iot-ot-routers/

https://github.com/openNDS/openNDS/releases

Back to top