Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 | Third Party Advisory US Government Resource |
History
01 Jun 2023, 17:54
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown v3 : 8.8 |
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource | |
First Time | Teltonika-networks rutx50 Firmware Teltonika-networks rutx08 Firmware Teltonika-networks rut950 Firmware Teltonika-networks rut241 Firmware Teltonika-networks rutx10 Teltonika-networks rutx14 Firmware Teltonika-networks rut240 Teltonika-networks rutxr1 Firmware Teltonika-networks rut241 Teltonika-networks rut951 Firmware Teltonika-networks rut951 Teltonika-networks rutx11 Firmware Teltonika-networks rutx11 Teltonika-networks rut955 Teltonika-networks rut360 Firmware Teltonika-networks rutx14 Teltonika-networks rutx10 Firmware Teltonika-networks rut200 Teltonika-networks rut956 Teltonika-networks rut955 Firmware Teltonika-networks rut956 Firmware Teltonika-networks rut901 Firmware Teltonika-networks rut950 Teltonika-networks rutx09 Teltonika-networks rut200 Firmware Teltonika-networks rutx12 Firmware Teltonika-networks rutx50 Teltonika-networks rutxr1 Teltonika-networks rut300 Firmware Teltonika-networks rut360 Teltonika-networks rutx08 Teltonika-networks rut901 Teltonika-networks rut240 Firmware Teltonika-networks rutx12 Teltonika-networks rut300 Teltonika-networks Teltonika-networks rutx09 Firmware |
01 Jun 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. |
22 May 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-22 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-32349
Mitre link : CVE-2023-32349
CVE.ORG link : CVE-2023-32349
Products Affected
teltonika-networks
- rut300_firmware
- rutx09_firmware
- rut951
- rutx08_firmware
- rutx11
- rut241_firmware
- rutx12_firmware
- rutx50
- rut955
- rut360
- rutx12
- rut240_firmware
- rutx14
- rut240
- rutx09
- rut200
- rut901
- rutx11_firmware
- rut901_firmware
- rut950_firmware
- rutxr1_firmware
- rut956_firmware
- rut951_firmware
- rut300
- rut955_firmware
- rutx10
- rutx50_firmware
- rut950
- rut956
- rut241
- rut360_firmware
- rutx14_firmware
- rutxr1
- rutx10_firmware
- rutx08
- rut200_firmware
CWE
CWE-15
External Control of System or Configuration Setting