Cisco IoT wireless access points hit by severe command injection flaw

In a 2021 blog about the technology, Fluidmesh Network’s co-founder and former CEO Umberto Malesci gave several examples of how the technology was being used, including use cases that make possible a 1,000-device IP camera network on moving trains in France, enabling wireless control of port cranes in Malta, and as part of infrastructure supporting driverless metro trains in Milan.

“Imagine remotely monitoring and controlling moving assets on trains, subways, public transit, mines, or ports. If a few packets drop while you’re checking email, no one notices. In contrast, dropped packets when you’re remotely controlling a crane or autonomous vehicle can have serious consequences,” wrote Malesci.

The critical nature of these use cases underlines how important it is to patch the flaw as a high priority. However, it’s not clear how easy it would be for an attacker to target the vulnerability directly, given that this type of access point is normally isolated on a dedicated IoT network segment. If that is the case, an attacker would probably need wireless proximity to exploit the weakness.