CVE-2023-32349

Published: May 22, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.

Affected (18)

Products: Teltonika Networks: Rut200 Firmware, Rut240 Firmware, Rut241 Firmware, Rut300 Firmware, Rut360 Firmware, Rut901 Firmware, Rut950 Firmware, Rut951 Firmware, Rut955 Firmware, Rut956 Firmware, Rutx08 Firmware, Rutx09 Firmware, Rutx10 Firmware, Rutx11 Firmware, Rutx12 Firmware, Rutx14 Firmware, Rutx50 Firmware, Rutxr1 Firmware

18 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut200 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut200	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut240 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut240	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut241 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut241	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut300 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut300	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut360 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut360	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut901 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut901	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut950 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut950	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut951 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut951	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut955 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut955	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut956 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rut956	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx08 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rutx08	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx09 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rutx09	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx10 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rutx10	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx11 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rutx11	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx12 Firmware	Up to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rutx12	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx14 Firmware	From 00.07.00 to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rutx14	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx50 Firmware	From 00.07.00 to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rutx50	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutxr1 Firmware	From 00.07.00 to 00.07.03.4

Running on/with	Platform Versions
Teltonika Networks Rutxr1	All versions

Related CWEs

CWE-15

External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.