Ethical Hacking News
Milesight Router Vulnerability Exposed: A New Front in Smishing Attacks
A new vulnerability in industrial cellular routers has emerged as the latest tool for attackers in smishing campaigns targeting European countries. French cybersecurity firm SEKOIA discovered that its products were being exploited by unknown threat actors to send malicious SMS messages to users across European countries.
Milesight industrial cellular routers have a new vulnerability being exploited by attackers to send malicious SMS messages. The attacks began as early as February 2022 and use a combination of phishing URLs and JavaScript code to trick victims into divulging sensitive information. About half of identified vulnerable routers in Europe remain unpatched and can be accessed by anyone with basic hacking knowledge. Attackers are using phishing URLs that impersonate government platforms, banking providers, postal services, and telecom companies to trick victims into divulging sensitive information. The use of industrial routers for smishing campaigns offers advantages to attackers, including decentralised delivery vectors and challenging detection and takedown efforts.
Smishing campaigns have long been a threat to mobile phone users, especially those living in Europe, and now a new vulnerability in industrial cellular routers has emerged as the latest tool for attackers. Milesight, a Chinese company that produces these devices, has found itself at the center of attention after French cybersecurity firm SEKOIA discovered that its products were being exploited by unknown threat actors to send malicious SMS messages to users across European countries.
According to a recent report from SEKOIA, the attacks began as early as February 2022 and have been ongoing ever since. The company found that the attackers are using a combination of phishing URLs and JavaScript code to trick victims into divulging sensitive information such as banking details. This is not an isolated incident; it's part of a larger pattern where Milesight routers are being used as a means to distribute malicious messages.
One of the most striking aspects of this vulnerability is that Milesight devices can send SMS messages without requiring any authentication, making them extremely vulnerable to exploitation. SEKOIA notes that about half of the identified vulnerable routers in Europe have not been patched and could be accessed by anyone with basic knowledge of hacking. The attack vector used here exploits a now-patched information disclosure flaw impacting Milesight routers (CVE-2023-43261, CVSS score: 7.5), which was disclosed exactly two years ago by security researcher Bipin Jitiya.
Furthermore, the attacks appear to be part of a targeted operation where attackers use phishing URLs that impersonate government platforms like CSAM and eBox, as well as banking, postal, and telecom providers. The malicious messages contain JavaScript code that checks whether the page is being accessed from a mobile device before serving the malicious content. This means users are likely to have their phone's browser locked out of certain functionalities.
The use of industrial routers for smishing campaigns offers several advantages to attackers. Firstly, these devices can send SMS messages without requiring any authentication, which makes them ideal for phishing attacks that rely on tricking victims into divulging sensitive information. Secondly, they offer a decentralised delivery vector, making it challenging both for detection and takedown efforts.
In light of this new vulnerability in Milesight routers, cybersecurity companies and experts are urging users to remain vigilant about their phone safety. It is recommended that all users take extra precautions when opening any SMS messages or links from unknown sources. The report has also shed some light on how the attacks are being conducted using publicly accessible APIs due to misconfigurations.
In conclusion, this new vulnerability in industrial cellular routers marks a significant front in smishing campaigns targeting European countries since at least February 2022. As security firms and individuals continue to navigate these evolving threats, it is essential that users remain vigilant about their phone safety and take proactive measures to protect themselves from falling prey to phishing attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Milesight-Router-Vulnerability-Exposed-A-New-Front-in-Smishing-Attacks-ehn.shtml
https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html
https://securityonline.info/hackers-hijack-industrial-cellular-routers-to-launch-widespread-smishing-campaigns-across-europe/
Published: Wed Oct 1 06:52:37 2025 by llama3.2 3B Q4_K_M
