Critical Vulnerability: ALLNET ALL-RUT22GW Routers Exposed by Hardcoded Credentials (CVE-2025-29268)

Overview

CVE-2025-29268 details a critical security vulnerability discovered in ALLNET ALL-RUT22GW v3.3.8 industrial LTE cellular routers. The vulnerability stems from the presence of hardcoded credentials within the libicos.so library. This allows unauthorized access and potential compromise of affected devices.

Technical Details

The specific flaw resides in the libicos.so library, which is a crucial component of the router’s firmware. Security researchers discovered that this library contains static, hardcoded credentials used for authentication. An attacker who obtains these credentials can remotely access and control the router, potentially gaining access to sensitive data, modifying configurations, or using the router as a point of entry into a network.

The affected firmware version is v3.3.8. Other versions may also be affected, but this has not been publicly confirmed; checking other firmware versions is recommended.

Example of potential exploitation (illustrative only; actual exploitation may differ):

        # (Illustrative) Example - using the discovered credentials via SSH
        ssh user@router_ip_address
        Password: [hardcoded_password_from_libicos.so]

CVSS Analysis

Currently, a CVSS score has not been assigned to CVE-2025-29268. However, the presence of hardcoded credentials generally warrants a high to critical severity rating due to the ease of exploitation and potential impact. A formal CVSS score will likely be assigned by NIST or other vulnerability scoring organizations in the future. We strongly advise treating this vulnerability with high priority regardless of the current lack of a CVSS score.

Possible Impact

The exploitation of CVE-2025-29268 can have severe consequences, especially given the industrial context of the ALL-RUT22GW routers. Potential impacts include:

  • Data Breach: Access to sensitive data transmitted through the router.
  • Denial of Service (DoS): Rendering the router and connected devices unusable.
  • Configuration Modification: Altering router settings to redirect traffic, create backdoors, or disable security features.
  • Lateral Movement: Using the compromised router as a stepping stone to access other devices on the network.
  • Malware Installation: Installing malware on the router or connected devices.
  • Espionage: Monitoring network traffic and activities.

Mitigation or Patch Steps

The primary mitigation strategy is to update the router’s firmware to a version that addresses this vulnerability. Currently, there is no publicly available patch. Contact ALLNET support for the most up-to-date information on available firmware updates.

Until a patch is available, consider the following temporary mitigation steps:

  • Network Segmentation: Isolate the ALL-RUT22GW router on a separate network segment to limit the potential impact of a compromise.
  • Firewall Rules: Implement strict firewall rules to restrict access to the router’s management interface.
  • Intrusion Detection Systems (IDS): Deploy IDS to detect and alert on suspicious activity targeting the router.
  • Monitor Logs: Regularly monitor router logs for signs of unauthorized access or malicious activity.
  • Disable Unnecessary Services: Disable any unnecessary services running on the router to reduce the attack surface.

Important Note: These temporary mitigations do not fully address the vulnerability and should only be considered stop-gap measures until a proper firmware update is released.
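As an added example for the "Firewall Rules" and "Monitor Logs" steps above (not code from the original post or from ALLNET), the following Python script reviews successful logins to the router's management interface. It assumes an OpenSSH-style "Accepted <method> for <user> from <ip>" log format and a placeholder management subnet; the log lines are constructed, not real device output.

```python
import ipaddress
import re
from dataclasses import dataclass

# Management hosts allowed to reach the router (placeholder range, an assumption).
MGMT_ALLOWLIST = [ipaddress.ip_network("10.0.100.0/24")]

# Assumed OpenSSH-style success line; adjust to the router's real log format.
LOGIN_RE = re.compile(
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


@dataclass
class Finding:
    user: str
    src: str
    method: str
    reasons: tuple


def analyze_logins(lines, allowlist=MGMT_ALLOWLIST):
    """Return a Finding for every successful login that warrants review."""
    findings = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if not m:
            continue  # failed attempts and unrelated lines are out of scope here
        src = ipaddress.ip_address(m["src"])
        reasons = []
        if not any(src in net for net in allowlist):
            reasons.append("source outside management allowlist")
        if m["method"] == "password":
            # A hardcoded credential is a static password, so any password login
            # to the device deserves a look even from an allowed source.
            reasons.append("password authentication")
        if reasons:
            findings.append(Finding(m["user"], str(src), m["method"], tuple(reasons)))
    return findings


# Constructed sample lines (not real ALL-RUT22GW output).
SAMPLE_LOGS = [
    "Mar 10 09:12:01 rut sshd[811]: Accepted publickey for admin from 10.0.100.5 port 51122 ssh2",
    "Mar 10 09:15:44 rut sshd[815]: Accepted password for admin from 10.0.100.7 port 51130 ssh2",
    "Mar 10 02:03:19 rut sshd[902]: Accepted password for service from 203.0.113.45 port 40022 ssh2",
    "Mar 10 02:03:20 rut sshd[903]: Failed password for root from 198.51.100.9 port 40100 ssh2",
    "Mar 10 02:04:00 rut kernel: eth0: link is up",
]

if __name__ == "__main__":
    for f in analyze_logins(SAMPLE_LOGS):
        print(f"REVIEW user={f.user} src={f.src} method={f.method}: {', '.join(f.reasons)}")
```

Feed the same function the router's exported syslog to get a review list; the allowlist doubles as the source set your firewall rule should permit.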

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
