# IRZ RUH2 3G Firmware Overwrite Vulnerability
NCCIC/ICS-CERT has identified a firmware overwrite vulnerability in iRZ's RUH2 device. iRZ has discontinued this product and no longer offers support.
This vulnerability could be exploited remotely. Exploits that target this vulnerability are known to be publicly available.
### AFFECTED PRODUCTS
The following iRZ product is affected:
An attacker could corrupt the firmware of the serial-to-Ethernet converters employed for substation communications and network routers.
Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.
iRZ is a Russian-based company that maintains offices in several countries around the world, including China, Iran, Ukraine, Kazakhstan, France, Belgium, Switzerland, Italy, and Spain.
The affected product, RUH2, is a serial-to-network connector system. According to iRZ, RUH2s are deployed across several sectors including Commercial Facilities, Communications, Financial Services, Healthcare and Public Health, and others. iRZ estimates that this product is used primarily in Eastern Europe.
### VULNERABILITY CHARACTERIZATION
# VULNERABILITY OVERVIEW
UNRESTRICTED UPLOAD OF FILE
Authorized users can remotely update the firmware with an unvalidated patch.
CVE-2016-2309 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H).
### VULNERABILITY DETAILS
This vulnerability could be exploited remotely.
# EXISTENCE OF EXPLOIT
Exploits that target this vulnerability are publicly available.
An attacker with a low skill would be able to exploit this vulnerability.
iRZ recommends users replace the RUH2 with either the RUH2b or RUH3. Additional information on this vulnerability is available at: