CVE-2023-32350

Published: May 22, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.

Affected (18)

Products: Teltonika Networks: Rut200 Firmware, Rut240 Firmware, Rut241 Firmware, Rut300 Firmware, Rut360 Firmware, Rut901 Firmware, Rut950 Firmware, Rut951 Firmware, Rut955 Firmware, Rut956 Firmware, Rutx08 Firmware, Rutx09 Firmware, Rutx10 Firmware, Rutx11 Firmware, Rutx12 Firmware, Rutx14 Firmware, Rutx50 Firmware, Rutxr1 Firmware

18 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut200 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut200	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut240 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut240	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut241 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut241	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut300 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut300	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut360 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut360	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut901 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut901	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut950 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut950	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut951 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut951	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut955 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut955	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rut956 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rut956	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx08 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rutx08	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx09 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rutx09	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx10 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rutx10	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx11 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rutx11	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx12 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rutx12	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx14 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rutx14	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutx50 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rutx50	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Teltonika Networks Rutxr1 Firmware	From 00.07.00 to 00.07.03

Running on/with	Platform Versions
Teltonika Networks Rutxr1	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.