Published: 22/05/2023 Updated: 01/06/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

Versions 00.07.00 up to and including 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.

Vulnerable Product	Search on Vulmon	Subscribe to Product
teltonika-networks rut200_firmware
teltonika-networks rut240_firmware
teltonika-networks rut241_firmware
teltonika-networks rut300_firmware
teltonika-networks rut360_firmware
teltonika-networks rut901_firmware
teltonika-networks rut950_firmware
teltonika-networks rut951_firmware
teltonika-networks rut955_firmware
teltonika-networks rut956_firmware
teltonika-networks rutx08_firmware
teltonika-networks rutx09_firmware
teltonika-networks rutx10_firmware
teltonika-networks rutx11_firmware
teltonika-networks rutx12_firmware
teltonika-networks rutx14_firmware
teltonika-networks rutx50_firmware
teltonika-networks rutxr1_firmware

CWE-78 https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-32350

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect