Vulnerability Alert: Sierra Wireless AirLink Gateways
Sierra Wireless issued a security bulletin which indicates that these gateways are vulnerable to IoTroop/Reaper malware. Among other things this malware is known to steal user passwords and contact a command and control server in order to participate in a Distributed Denial of Service (DDoS) attack. These DDoS attacks expose gateway users to significant and unexpected data charges.
The following products are potentially vulnerable:
LS300, GX400, GX/ES440 with firmware version ALEOS 4.4.4 or older
GX/ES450, RV50, RV50X, MP70, MP70E with firmware version ALEOS 4.8.1 or older
A firmware upgrade is required in order to eliminate this vulnerability.