Versions 00.07.00 up to and including 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. The vulnerable function takes a user-provided package name as a parameter, and an attacker could exploit it by providing a package with a malicious name that contains an OS command injection payload.
Vulnerable Product |
---|
teltonika-networks rut200_firmware |
teltonika-networks rut240_firmware |
teltonika-networks rut241_firmware |
teltonika-networks rut300_firmware |
teltonika-networks rut360_firmware |
teltonika-networks rut901_firmware |
teltonika-networks rut950_firmware |
teltonika-networks rut951_firmware |
teltonika-networks rut955_firmware |
teltonika-networks rut956_firmware |
teltonika-networks rutx08_firmware |
teltonika-networks rutx09_firmware |
teltonika-networks rutx10_firmware |
teltonika-networks rutx11_firmware |
teltonika-networks rutx12_firmware |
teltonika-networks rutx14_firmware |
teltonika-networks rutx50_firmware |
teltonika-networks rutxr1_firmware |