Both attacks involve speculative execution side-channels. The Meltdown vulnerability, CVE-2017-5754, can potentially allow hackers to bypass the hardware barrier between applications and kernel or host memory. The Spectre vulnerability has two variants: CVE-2017-5753 and CVE-2017-5715. These vulnerabilities break isolation between separate applications. Either of these vulnerabilities could potentially be exploited to steal sensitive data from your devices.
Is my NetModule router affected?For the newer generation of NetModule routers (NB800, NB2800, etc.), ARM based processors are used. These types are not affected by Meltdown. However, there are vulnerabilities with Spectre in some rare use cases.For the older generation of NetModule routers (NB1600, etc.), a NXP PowerPC processor is in use. Currently, NXP is investigating if this type of CPU is affected. We will inform you as soon as there is more information available but also here we assume that in case of a potential vulnerability it will affect only a limited number of rare use cases.
How can you protect your NetModule router?Since the application of NetModule routers is different to standard application computers or servers, the risk of an attack is minimal. This is especially the case since these vulnerabilities target that different user applications are running on one computer which is rarely the case on a NetModule router.
If you want to maximize the protection of your devices, please consider following guidelines:
- Do not allow any unauthorized person access to the NetModule router
- Do not download any unauthorized software to the NetModule router
- Only run authorized SDK scripts on the NetModule router
If you take care of these measures, you can minimize the impact, which these possible vulnerabilities and others might have on your NetModule router.We are following closely this important topic. Once there are security patches available, we will provide them to you as soon as possible.