The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity flaw impacting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2018-4063 (CVSS score: 8.8/9.9) refers to an unrestricted file upload vulnerability that could be exploited to achieve remote code execution by means of a malicious HTTP request.

Attacks have also been recorded from a previously undocumented threat cluster named Chaya_005 to upload an unspecified malicious payload with the name "fw_upload_init.cgi". No further successful exploitation efforts have been detected since then.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are advised to update their devices to a supported version or discontinue the use of the product by January 2, 2026, since it has reached end-of-support status.

It comes a day after a honeypot analysis conducted by Forescout over a 90-day period revealed that industrial routers are the most attacked devices in operational technology (OT) environments, with threat actors attempting to deliver botnet and cryptocurrency miner malware families like RondoDox, Redtail, and ShadowV2 by exploiting the following flaws:

  • CVE-2024-12856 (Four-Faith routers) and CVE-2024-0012 (Palo Alto Networks PAN-OS)