Vulnerabilities related to teltonika-networks - rut240
Vulnerability from fkie_nvd
Published
2023-05-22 16:15
Modified
2024-11-21 08:03
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that properly validates its filter parameters. However, the variables used by those validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.
References
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 | Third Party Advisory, US Government Resource
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AB8F92B-6B3D-412A-A36E-BD165B439790", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:*", "matchCriteriaId": "66CE10C3-A271-49DC-9701-6AE683935027", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1FD8F425-1562-4A17-B517-9584BDFC4AB5", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:*", "matchCriteriaId": "F67C4A2C-8603-4E97-886F-882DDE786B77", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "623F5042-542D-4B01-9E12-15E90F57D098", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:*", "matchCriteriaId": "68F89383-8227-4925-868E-020522EA5FA3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE0E17D0-7D64-477A-BB04-8E276E47FD47", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:*", "matchCriteriaId": "44B9F0BE-0D55-46BA-8889-B31E22F42EFF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { 
"nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "37E525C8-B479-400D-8C5A-5F27B477929D", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:*", "matchCriteriaId": "912F95E0-8FC9-4A35-85C0-B3CA1CA8ADE7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut901_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "22E55A57-4A38-4071-B18F-0A129D530A88", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut901:-:*:*:*:*:*:*:*", "matchCriteriaId": "733D27C1-D1AB-4900-9EE4-E0948EBDBDC5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut950_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EEF5D66A-A7AB-4C3D-8090-0EFA8AFA2480", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut950:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D52329E-82CC-4BF6-ACB4-96CD5E15AD8E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut951_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3291CBC4-8479-49E7-AE79-1299FA1F8EFF", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut951:-:*:*:*:*:*:*:*", "matchCriteriaId": "4297BE76-0B62-40BA-947D-7F41D4BBB3BB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ 
{ "criteria": "cpe:2.3:o:teltonika-networks:rut955_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7114BEC-D022-487E-B206-7D6B6F6CB9DD", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut955:-:*:*:*:*:*:*:*", "matchCriteriaId": "57BD4813-8DE9-4CA4-BC8C-676107D704EB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut956_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "92EAE867-0272-4229-BC07-59D80BCF7AE8", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut956:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB073896-35C5-4354-8025-657076C839A8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx08_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "74419363-824F-409B-B6CD-3E2F0BB33461", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx08:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDAC1E9D-485A-4484-8F02-5118DD70A881", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E475B89F-B08C-4517-8C8D-F23A04C6405A", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx09:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DB7671D-3398-4AD1-B8BE-2C2A8F52EDBF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:teltonika-networks:rutx10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A673AFF-28DD-49C7-BAF2-1218AF1BAAC4", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx10:-:*:*:*:*:*:*:*", "matchCriteriaId": "D33E1270-278E-408C-ADD6-9FB6ACF5A913", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx11_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "61B226C0-1B25-4AB7-98A6-C0C6ACF10181", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx11:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7E889D3-F36F-41C4-BFAE-9E1F7AB71CED", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA7B224B-8AFD-47F4-9512-825EE1A8EC2A", "versionEndIncluding": "00.07.03.4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx12:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D5F38B9-39B0-4519-8E12-2274F36F1DDB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx14_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "48895EDD-7A87-4F7D-8A83-9AA6BC323A52", "versionEndIncluding": "00.07.03.4", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx14:-:*:*:*:*:*:*:*", "matchCriteriaId": "349D7DF3-C61D-4631-B202-88D54B3851DE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:o:teltonika-networks:rutx50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "559A59FB-C6AB-4ADA-9275-6DE3448273EA", "versionEndIncluding": "00.07.03.4", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx50:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB1FE5AD-FD6D-44D0-B5B5-80496E4DB5BD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutxr1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "94D5F606-8DE7-4326-8C02-8A9B9C344659", "versionEndIncluding": "00.07.03.4", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutxr1:-:*:*:*:*:*:*:*", "matchCriteriaId": "797BC6D8-187B-4630-BE66-5B0AF9836699", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nVersion 00.07.03.4 and prior of Teltonika\u2019s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. 
An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.\n\n" } ], "id": "CVE-2023-32349", "lastModified": "2024-11-21T08:03:09.730", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-22T16:15:10.420", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-15" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-22 16:15
Modified
2024-11-21 08:03
Severity ?
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.
References
Source | URL | Tags
---|---|---
ics-cert@hq.dhs.gov | https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 | Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 | Third Party Advisory, US Government Resource
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3620893-A9BF-4DB2-9D80-40F9BADFBE9B", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:*", "matchCriteriaId": "66CE10C3-A271-49DC-9701-6AE683935027", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6487C2D9-96DA-4EE8-962A-8DBAE7905736", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:*", "matchCriteriaId": "F67C4A2C-8603-4E97-886F-882DDE786B77", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9B4D081-6B2C-4FAC-A830-64F105F7F021", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:*", "matchCriteriaId": "68F89383-8227-4925-868E-020522EA5FA3", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "15F17141-21FC-407A-9576-8EFEA1156B01", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:*", 
"matchCriteriaId": "44B9F0BE-0D55-46BA-8889-B31E22F42EFF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "276711D2-1886-498D-ACF7-39E28BAB3315", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:*", "matchCriteriaId": "912F95E0-8FC9-4A35-85C0-B3CA1CA8ADE7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut901_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5059B60-1B8E-4C46-A269-1FFC55923301", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut901:-:*:*:*:*:*:*:*", "matchCriteriaId": "733D27C1-D1AB-4900-9EE4-E0948EBDBDC5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut950_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B1B3F24-4252-45E7-AD3E-FA451894C946", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut950:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D52329E-82CC-4BF6-ACB4-96CD5E15AD8E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut951_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2C4C14E-DA52-4404-8AAE-F36B5DFC2AAD", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": 
false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut951:-:*:*:*:*:*:*:*", "matchCriteriaId": "4297BE76-0B62-40BA-947D-7F41D4BBB3BB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut955_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6D621FE-2E22-4F91-9016-DAA936CBA747", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut955:-:*:*:*:*:*:*:*", "matchCriteriaId": "57BD4813-8DE9-4CA4-BC8C-676107D704EB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut956_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E56A344C-C83E-4BF3-8B90-302A998446D1", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut956:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB073896-35C5-4354-8025-657076C839A8", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx08_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "85AB5E00-27ED-41BD-AA9C-E759F463BFD9", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx08:-:*:*:*:*:*:*:*", "matchCriteriaId": "EDAC1E9D-485A-4484-8F02-5118DD70A881", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx09_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"CC2022A3-8CEB-4E27-86CF-C604A0289481", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx09:-:*:*:*:*:*:*:*", "matchCriteriaId": "0DB7671D-3398-4AD1-B8BE-2C2A8F52EDBF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx10_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C739CAEB-58D0-4294-9B6B-3C79E418A1AE", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx10:-:*:*:*:*:*:*:*", "matchCriteriaId": "D33E1270-278E-408C-ADD6-9FB6ACF5A913", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx11_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "52B4940A-C976-4894-BA31-704892BB3757", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx11:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7E889D3-F36F-41C4-BFAE-9E1F7AB71CED", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx12_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B48CB77-4F81-4B9A-B47E-B4F3CC613406", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx12:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D5F38B9-39B0-4519-8E12-2274F36F1DDB", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ 
{ "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx14_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F028540-BB91-4EB2-A862-62DBE0DD82A5", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx14:-:*:*:*:*:*:*:*", "matchCriteriaId": "349D7DF3-C61D-4631-B202-88D54B3851DE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutx50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D006563-077F-4AAA-8952-4D8A29354674", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutx50:-:*:*:*:*:*:*:*", "matchCriteriaId": "FB1FE5AD-FD6D-44D0-B5B5-80496E4DB5BD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rutxr1_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D76970F6-747B-435D-9942-BAA67E0D88BE", "versionEndIncluding": "00.07.03", "versionStartIncluding": "00.07.00", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rutxr1:-:*:*:*:*:*:*:*", "matchCriteriaId": "797BC6D8-187B-4630-BE66-5B0AF9836699", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "\nVersions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. 
An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.\n\n" } ], "id": "CVE-2023-32350", "lastModified": "2024-11-21T08:03:09.873", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-05-22T16:15:10.497", "references": [ { "source": "ics-cert@hq.dhs.gov", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08" } ], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "ics-cert@hq.dhs.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-02-17 04:15
Modified
2025-05-30 15:38
Summary
Teltonika RUT240 devices with firmware before 07.04.2 (listed as 00.07.04.2 in the CPE match criteria below), when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface.
References
Source | URL | Tags
---|---|---
cve@mitre.org | https://research.exoticsilicon.com/articles/lte_ethernet_bridge_bug_followup | Third Party Advisory
cve@mitre.org | https://research.exoticsilicon.com/news | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://research.exoticsilicon.com/articles/lte_ethernet_bridge_bug_followup | Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://research.exoticsilicon.com/news | Third Party Advisory
Impacted products
Vendor | Product | Version | |
---|---|---|---|
teltonika-networks | rut240_firmware | * | |
teltonika-networks | rut240 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CBCF2B4-9A99-4CD5-A029-03112ED0286E", "versionEndExcluding": "00.07.04.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:*", "matchCriteriaId": "F67C4A2C-8603-4E97-886F-882DDE786B77", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface." }, { "lang": "es", "value": "Los dispositivos Teltonika RUT240 con firmware anterior a 07.04.2, cuando se utiliza el modo puente, a veces hacen que los servicios SSH y HTTP est\u00e9n disponibles en la interfaz WAN IPv6 aunque la interfaz de usuario muestre que solo est\u00e1n disponibles en la interfaz LAN." 
} ], "id": "CVE-2023-31728", "lastModified": "2025-05-30T15:38:38.977", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-02-17T04:15:07.503", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://research.exoticsilicon.com/articles/lte_ethernet_bridge_bug_followup" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://research.exoticsilicon.com/news" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://research.exoticsilicon.com/articles/lte_ethernet_bridge_bug_followup" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://research.exoticsilicon.com/news" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2023-31728 (GCVE-0-2023-31728)
Vulnerability from cvelistv5
Published
2024-02-17 00:00
Modified
2024-11-01 19:04
CWE
- n/a
Summary
Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:56:35.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://research.exoticsilicon.com/articles/lte_ethernet_bridge_bug_followup" }, { "tags": [ "x_transferred" ], "url": "https://research.exoticsilicon.com/news" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:teltonika-networks:rut240_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rut240_firmware", "vendor": "teltonika-networks", "versions": [ { "lessThan": "07.04.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-31728", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-01T18:57:08.545750Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T19:04:41.139Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though 
the UI shows that they are only available on the LAN interface." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-17T04:00:26.166063", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://research.exoticsilicon.com/articles/lte_ethernet_bridge_bug_followup" }, { "url": "https://research.exoticsilicon.com/news" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-31728", "datePublished": "2024-02-17T00:00:00", "dateReserved": "2023-04-29T00:00:00", "dateUpdated": "2024-11-01T19:04:41.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32349 (GCVE-0-2023-32349)
Vulnerability from cvelistv5
Published
2023-05-22 15:12
Modified
2025-01-16 21:34
CWE
- CWE-15 - External Control of System or Configuration Setting
Summary
Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that properly validates its filter parameters. However, the variables used by those validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.
References
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 | government-resource |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Teltonika | RUT model routers | Affected: 0 through 00.07.03.4 (inclusive; custom version type) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.909Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "government-resource", "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-32349", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-16T20:30:22.835417Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-16T21:34:23.944Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "RUT model routers", "vendor": "Teltonika", "versions": [ { "lessThanOrEqual": "00.07.03.4", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Noam Moshe" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Claroty Research" } ], "datePublic": "2023-05-11T18:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersion 00.07.03.4 and prior of Teltonika\u2019s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. 
An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.\u003c/span\u003e\n\n" } ], "value": "\nVersion 00.07.03.4 and prior of Teltonika\u2019s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-15", "description": "CWE-15 External Control of System or Configuration Setting", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-01T00:40:19.409Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "government-resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-32349", "datePublished": "2023-05-22T15:12:08.610Z", "dateReserved": "2023-05-08T22:09:33.450Z", "dateUpdated": "2025-01-16T21:34:23.944Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-32350 (GCVE-0-2023-32350)
Vulnerability from cvelistv5
Published
2023-05-22 15:14
Modified
2025-01-16 21:34
Severity
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. The vulnerable function takes a user-provided package name as a parameter; an attacker could exploit it by supplying a package whose name contains an OS command injection payload.
References
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 | government-resource |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Teltonika | RUT model routers | Affected: 00.07.00 through 00.07.03 (inclusive; custom version type) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:10:24.899Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "government-resource", "x_transferred" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-32350", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-16T20:30:18.391448Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-16T21:34:13.864Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "RUT model routers", "vendor": "Teltonika", "versions": [ { "lessThanOrEqual": "00.07.03", "status": "affected", "version": "00.07.00", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Noam Moshe" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "Claroty Research" } ], "datePublic": "2023-05-11T18:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVersions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. 
An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.\u003c/span\u003e\n\n" } ], "value": "\nVersions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-22T15:14:57.025Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "government-resource" ], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-32350", "datePublished": "2023-05-22T15:14:57.025Z", "dateReserved": "2023-05-08T22:09:33.450Z", "dateUpdated": "2025-01-16T21:34:13.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" 
}