Vulnerability-Lookup

Search criteria ⓘ Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2017-8116 (GCVE-0-2017-8116)

Vulnerability from nvd – Published: 2017-07-03 16:00 – Updated: 2024-08-05 16:27

Summary

The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/nettitude/metasploit-modules/b…	x_refsource_MISC
	https://github.com/nettitude/metasploit-modules/b…	x_refsource_MISC
	https://labs.nettitude.com/blog/cve-2017-8116-tel…	x_refsource_MISC

Date Public ?

2017-06-20 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:27:22.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-03T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb",
              "refsource": "MISC",
              "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
            },
            {
              "name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb",
              "refsource": "MISC",
              "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
            },
            {
              "name": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/",
              "refsource": "MISC",
              "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8116",
    "datePublished": "2017-07-03T16:00:00.000Z",
    "dateReserved": "2017-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:27:22.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8116 (GCVE-0-2017-8116)

Vulnerability from cvelistv5 – Published: 2017-07-03 16:00 – Updated: 2024-08-05 16:27

Summary

The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/nettitude/metasploit-modules/b…	x_refsource_MISC
	https://github.com/nettitude/metasploit-modules/b…	x_refsource_MISC
	https://labs.nettitude.com/blog/cve-2017-8116-tel…	x_refsource_MISC

Date Public ?

2017-06-20 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:27:22.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-20T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-03T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb",
              "refsource": "MISC",
              "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
            },
            {
              "name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb",
              "refsource": "MISC",
              "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
            },
            {
              "name": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/",
              "refsource": "MISC",
              "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8116",
    "datePublished": "2017-07-03T16:00:00.000Z",
    "dateReserved": "2017-04-25T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:27:22.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria ⓘ Use full-text search for keyword queries. Combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by dates instead of relevance.

2 vulnerabilities found for rut905_firmware by teltonika

CVE-2017-8116 (GCVE-0-2017-8116)

CVE-2017-8116 (GCVE-0-2017-8116)

Search criteria ⓘ Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.