Based on the frequent requirement to clarify the differences among router hardware platforms we decided to release a comprehensive platform overview on the separate web page. With the simple matrix on platform page is much easier to understand and choose the right family of routers from HW and SW points of view.

From the beginning of 2021, we started to use the new name ICR-OS (Industrial Cellular Routers OS) instead of Conel OS for the router operating system. Now we finished that transition and prepared a basic overview of ICR-OS features on the web page.

Forescout Research Labs has recently published a report from a study called AMNESIA:33, which performed a security analysis of seven open-source embedded TCP/IP stacks. The study discovered 33 new vulnerabilities in four of the seven analyzed stacks. For more details see the White Paper.

Our routers use the Linux Kernel TCP/IP stack, which is not affected by the listed vulnerabilities. Should you have more questions, please contact your Regional Support.

We released a user module with NetFlow/IPFIX probe and collector. The module captures a source and a destination IP address of each observed network communication and the amount of data exchanged. This can be used by network monitors such as PRTG to identify unusual traffic flows caused by misconfigurations, security incidents or policy violations.

Detailed description of the module configuration and operation can be found in the NetFlow/IPFIX Application Note.

The User Modules can be downloaded here.

Our cellular routers are not affected by the Ripple20 vulnerabilities discovered in a TCP/IP software library of many IoT devices.

Our cellular routers are not affected by the Kr00k vulnerability because the hardware is not based on Broadcom or Cypress Wi-Fi chips.

Our cellular routers are not affected by the „Cable Haunt“ vulnerability, which was recently discovered in Broadcom-based cable modems across multiple vendors.

This security advisory is a reaction on the recently discovered network vulnerabilities in Linux kernel (see below on particular names and links).

These vulnerabilities can, under certain circumstances, be used by an attacker against a range of our routers running current firmware (6.1.9) with the potential result of the router rebooting.

We have already prepared a patch which closes the vulnerabilities. The patch will be included in future firmware versions (6.1.10, 6.2.0) when these are released.

Until the new firmware versions are available, you may apply any of the recommended workaround. The easiest ...

This article main topic is about v2 factory settings and default use case, also discussing a few LAN attacks on high-level.

When you get a cellular router from Advantech CZ, the default settings fall into one of the three cases:

1. Router is pre-configured exactly to your needs.
2. V2 router - with default v2 router generation configuration.
3. V3 router - with default v3 generation configuration.

As for the first possibility - router pre-configured exactly to your needs: as described in the first article, there are several ways how ...

A very important topic to cover in this article series is something we call security model of the router.

Before getting to that, let's look at the user model. There are a few user models being used in the operating systems based on Linux. Please note that this definition is something to make our security model more understandable and help with further understanding of the securing process, it is not a formal definition as used in information science.