
    8 vulnerabilities found for rut950 by teltonika

    VAR-201707-0931

    Vulnerability from variot - Updated: 2025-04-20 23:23

    The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. Teltonika RUT9XX routers (also known as LuCI) are a router product line from Teltonika, Lithuania. A security vulnerability exists in the management interface of Teltonika RUT9XX routers using firmware 0.03.265 and earlier. Teltonika routers are prone to a remote command-execution vulnerability because they fail to properly sanitize user-supplied input. This may aid in further attacks.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0931",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rut900",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.03.265"
          },
          {
            "model": "rut905",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.03.265"
          },
          {
            "model": "rut950",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.03.265"
          },
          {
            "model": "rut955",
            "scope": "lte",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.03.265"
          },
          {
            "model": "rut9xx routers",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "teltonika",
            "version": "00.03.265"
          },
          {
            "model": "rut950",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "teltonika",
            "version": "00.03.265"
          },
          {
            "model": "rut955",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "teltonika",
            "version": "00.03.265"
          },
          {
            "model": "rut905",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "teltonika",
            "version": "00.03.265"
          },
          {
            "model": "rut900",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "teltonika",
            "version": "00.03.265"
          },
          {
            "model": "rut905",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "teltonika",
            "version": "0.3.265"
          },
          {
            "model": "rut905",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "teltonika",
            "version": "0"
          },
          {
            "model": "rut900",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "teltonika",
            "version": "0.3.265"
          },
          {
            "model": "rut900",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "teltonika",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "db": "BID",
            "id": "100978"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8116"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut900_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut905_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut950_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut955_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Nettitude",
        "sources": [
          {
            "db": "BID",
            "id": "100978"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-8116",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-8116",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-13830",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-116319",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-8116",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-8116",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-8116",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-13830",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-060",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-116319",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-8116",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8116"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. Teltonika RUT9XX routers (also known as LuCI) are a router product line from Teltonika, Lithuania. A security vulnerability exists in the management interface of Teltonika RUT9XX routers using firmware 0.03.265 and earlier. Teltonika routers are prone to a remote command-execution vulnerability because they fail to properly sanitize user-supplied input. This may aid in further attacks.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-8116"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "db": "BID",
            "id": "100978"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8116"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-8116",
            "trust": 3.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-060",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "100978",
            "trust": 0.5
          },
          {
            "db": "VULHUB",
            "id": "VHN-116319",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8116",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8116"
          },
          {
            "db": "BID",
            "id": "100978"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8116"
          }
        ]
      },
      "id": "VAR-201707-0931",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116319"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:23:43.009000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://teltonika.lt/"
          },
          {
            "title": "TeltonikaRUT9XX router arbitrary command execution vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/97827"
          },
          {
            "title": "Teltonika RUT9XX Repair measures for router security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71397"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-116319"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8116"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
          },
          {
            "trust": 2.9,
            "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
          },
          {
            "trust": 2.6,
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8116"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-8116"
          },
          {
            "trust": 0.3,
            "url": "http://teltonika.lt/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://www.securityfocus.com/bid/100978"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8116"
          },
          {
            "db": "BID",
            "id": "100978"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8116"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "db": "VULHUB",
            "id": "VHN-116319"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-8116"
          },
          {
            "db": "BID",
            "id": "100978"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-8116"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "date": "2017-07-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116319"
          },
          {
            "date": "2017-07-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8116"
          },
          {
            "date": "2017-07-03T00:00:00",
            "db": "BID",
            "id": "100978"
          },
          {
            "date": "2017-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "date": "2017-07-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          },
          {
            "date": "2017-07-03T16:29:00.557000",
            "db": "NVD",
            "id": "CVE-2017-8116"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-13830"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-116319"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-8116"
          },
          {
            "date": "2017-07-03T00:00:00",
            "db": "BID",
            "id": "100978"
          },
          {
            "date": "2017-08-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-8116"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Teltonika RUT9XX router firmware management interface vulnerability allowing arbitrary command execution with root privileges",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-006076"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-060"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0456

    Vulnerability from variot - Updated: 2024-11-23 22:30

    Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. Teltonika RUT9XX routers (also known as LuCI) are a router product line from Teltonika, Lithuania.

    • Identifier : SBA-ADV-20180410-01
    • Type of Vulnerability : Cross Site Scripting
    • Software/Product Name : Teltonika RUT955
    • Vendor : Teltonika
    • Affected Versions : Firmware RUT9XX_R_00.05.00.5 and probably prior
    • Fixed in Version : RUT9XX_R_00.05.01.1
    • CVE ID : CVE-2018-17533
    • CVSSv3 Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
    • CVSSv3 Base Score : 8.2 (High)

    Vendor Description

    RUT955 is a highly reliable and secure LTE router with I/O, GNSS and RS232/RS485 for professional applications. Router delivers high performance, mission-critical cellular communication and GPS location capabilities.

    Source: https://teltonika.lt/product/rut955/

    Impact

    By exploiting the documented vulnerabilities, an attacker can execute JavaScript code in a user's browser within the origin of the router. The attacker might take over existing or future administrative web management sessions and gain access to the device.

    We recommend upgrading to version RUT9XX_R_00.05.01.1 or newer, which includes fixes for the vulnerabilities described in this advisory. The scripts are part of the coova-chilli captive portal. However, in firmware versions before RUT9XX_R_00.04.233 the vulnerabilities are exploitable regardless of the device configuration, even if no captive portal is configured.

    More concretely, the following parameters are vulnerable:

    • /cgi-bin/hotspotlogin.cgi
    • If res=failed or res=notyet
      • challenge
      • uamip
      • uamport
      • userurl

    The affected script outputs these input parameters in an HTML context without proper output encoding.

    The vulnerabilities are located in hotspotlogin.cgi:

    [...]
    elseif result == 2 or result == 5 then
            -- Builds the hidden-field login form that is written back into the page.
            -- NOTE(review): every value concatenated below lands inside a double-quoted
            -- HTML attribute exactly as held in the variable; nothing in this excerpt
            -- encodes it. The advisory names challenge, uamip, uamport and userurl as
            -- request-controlled, so a double quote in any of them ends the attribute
            -- and the rest of the value is parsed as markup (reflected XSS).
            -- userurldecode is presumably the URL-decoded userurl; confirm in the full script.
            -- loginpath and res are concatenated the same way; their origin is not
            -- visible here, so treat them as untrusted until verified.
            -- Remediation: HTML-encode each value (&, <, >, ", ') before concatenating.
            replace_tags.formHeader = [[<form name="myForm" method="post" action="]] .. loginpath .. [[">
                            <INPUT TYPE="hidden" NAME="challenge" VALUE="]] .. challenge .. [[">
                            <INPUT TYPE="hidden" NAME="]] .. names["uamip"] .. [[" VALUE="]] .. uamip .. [[">
                            <INPUT TYPE="hidden" NAME="]] .. names["uamport"] .. [[" VALUE="]] .. uamport .. [[">
                            <INPUT TYPE="hidden" NAME="]] .. names["userurl"] .. [[" VALUE="]] ..userurldecode .. [[">
                            <INPUT TYPE="hidden" NAME="res" VALUE="]] .. res .. [[">]]
            replace_tags.formFooter = [[</form>]]
    [...]
    

    As the above code snippet shows, the parameter userurl contains user input and is output without performing any HTML escaping.

    Proof-of-Concept

    An attacker can exploit this vulnerability by manipulating the userurl query parameter:

    http://<IP>/cgi-bin/hotspotlogin.cgi?res=failed&userurl="><script>alert(1)</script><span
    

    An attacker can exploit the other parameters (e.g. challenge) via POST requests:

    <form action="http://<IP>/cgi-bin/hotspotlogin.cgi" method="post" enctype="text/plain">
    <input type="hidden" name="res" value="failed&challenge=&quot;><script>alert(1)</script><span&quot;">
    <input type="submit" value="challenge">
    </form>
    

    Timeline

    • 2018-04-10 identification of vulnerability in version RUT9XX_R_00.04.161
    • 2018-04-16 re-test of version RUT9XX_R_00.04.172
    • 2018-04-16 initial vendor contact through public address
    • 2018-04-18 vendor response with security contact
    • 2018-04-19 disclosed vulnerability to vendor security contact
    • 2018-04-26 vendor released fix in version RUT9XX_R_00.04.233
    • 2018-07-09 notify vendor about incomplete fix in version RUT9XX_R_00.05.00.5
    • 2018-07-19 vendor released fix in version RUT9XX_R_00.05.01.1
    • 2018-07-25 re-test of version RUT9XX_R_00.05.01.2
    • 2018-09-25 request CVE from MITRE
    • 2018-09-26 MITRE assigned CVE-2018-17533
    • 2018-10-11 public disclosure

    References

    Credits


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0456",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rut900",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.05.01.1"
          },
          {
            "model": "rut950",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.05.01.1"
          },
          {
            "model": "rut955",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.05.01.1"
          },
          {
            "model": "rut9xx",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "teltonika",
            "version": "00.05.01.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17533"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut900_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut950_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut955_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "David Gnedt",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "149781"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2018-17533",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2018-17533",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-18495",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-17533",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-17533",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17533",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18495",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-711",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-711"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17533"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. TeltonikaRUT9XXrouters (also known as LuCI) is a router product from Teltonika, Lithuania. \n\n* **Identifier**            : SBA-ADV-20180410-01\n* **Type of Vulnerability** : Cross Site Scripting\n* **Software/Product Name** : [Teltonika RUT955](https://teltonika.lt/product/rut955/)\n* **Vendor**                : [Teltonika](https://teltonika.lt/)\n* **Affected Versions**     : Firmware RUT9XX_R_00.05.00.5 and probably prior\n* **Fixed in Version**      : RUT9XX_R_00.05.01.1\n* **CVE ID**                : CVE-2018-17533\n* **CVSSv3 Vector**         : CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N\n* **CVSSv3 Base Score**     : 8.2 (High)\n\n## Vendor Description ##\n\n\u003e RUT955 is a highly reliable and secure LTE router with I/O, GNSS and\n\u003e RS232/RS485 for professional applications. Router delivers high\n\u003e performance, mission-critical cellular communication and GPS location\n\u003e capabilities. \n\nSource: \u003chttps://teltonika.lt/product/rut955/\u003e\n\n## Impact ##\n\nBy exploiting the documented vulnerabilities, an attacker can execute\nJavaScript code in a user\u0027s browser within the origin of the router. \nThe attacker might take over existing or future administrative web\nmanagement sessions and gain access to the device. \n\nWe recommend upgrading to version RUT9XX_R_00.05.01.1 or newer, which\nincludes fixes for the vulnerabilities described in this advisory. The scripts are part of\nthe coova-chilli captive portal. However, in firmware versions before\nRUT9XX_R_00.04.233 the vulnerabilities are exploitable regardless of\nthe device configuration, even if no captive portal is configured. 
\n\nMore concretely, the following parameters are vulnerable:\n\n* `/cgi-bin/hotspotlogin.cgi`\n  * *If* res=failed or res=notyet\n    * challenge\n    * uamip\n    * uamport\n    * userurl\n\nThe affected script outputs these input parameters in an HTML context\nwithout proper output encoding. \n\nThe vulnerabilities are located in `hotspotlogin.cgi`:\n\n```lua\n[...]\nelseif result == 2 or result == 5 then\n        replace_tags.formHeader = [[\u003cform name=\"myForm\" method=\"post\" action=\"]] .. loginpath .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"challenge\" VALUE=\"]] .. challenge .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"]] .. names[\"uamip\"] .. [[\" VALUE=\"]] .. uamip .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"]] .. names[\"uamport\"] .. [[\" VALUE=\"]] .. uamport .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"]] .. names[\"userurl\"] .. [[\" VALUE=\"]] ..userurldecode .. [[\"\u003e\n                        \u003cINPUT TYPE=\"hidden\" NAME=\"res\" VALUE=\"]] .. res .. [[\"\u003e]]\n        replace_tags.formFooter = [[\u003c/form\u003e]]\n[...]\n```\n\nAs the above code snippet shows, the parameter `userurl` contains user\ninput and is output without performing any HTML escaping. \n\n## Proof-of-Concept ##\n\nAn attacker can exploit this vulnerability by manipulating the `userurl`\nquery parameter:\n\n```text\nhttp://\u003cIP\u003e/cgi-bin/hotspotlogin.cgi?res=failed\u0026userurl=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003cspan\n```\n\nAn attacker can exploit the other parameters (e.g. 
challenge) via POST\nrequests:\n\n```html\n\u003cform action=\"http://\u003cIP\u003e/cgi-bin/hotspotlogin.cgi\" method=\"post\" enctype=\"text/plain\"\u003e\n\u003cinput type=\"hidden\" name=\"res\" value=\"failed\u0026challenge=\u0026quot;\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003cspan\u0026quot;\"\u003e\n\u003cinput type=\"submit\" value=\"challenge\"\u003e\n\u003c/form\u003e\n```\n\n## Timeline ##\n\n* `2018-04-10` identification of vulnerability in version RUT9XX_R_00.04.161\n* `2018-04-16` re-test of version RUT9XX_R_00.04.172\n* `2018-04-16` initial vendor contact through public address\n* `2018-04-18` vendor response with security contact\n* `2018-04-19` disclosed vulnerability to vendor security contact\n* `2018-04-26` vendor released fix in version RUT9XX_R_00.04.233\n* `2018-07-09` notify vendor about incomplete fix in version RUT9XX_R_00.05.00.5\n* `2018-07-19` vendor released fix in version RUT9XX_R_00.05.01.1\n* `2018-07-25` re-test of version RUT9XX_R_00.05.01.2\n* `2018-09-25` request CVE from MITRE\n* `2018-09-26` MITRE assigned CVE-2018-17533\n* `2018-10-11` public disclosure\n\n## References ##\n\n* Firmware Changelog: \u003chttps://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware\u003e\n\n## Credits ##\n\n* David Gnedt ([SBA Research](https://www.sba-research.org/))\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17533"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          },
          {
            "db": "PACKETSTORM",
            "id": "149781"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17533",
            "trust": 3.1
          },
          {
            "db": "PACKETSTORM",
            "id": "149781",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053",
            "trust": 0.8
          },
          {
            "db": "EXPLOITALERT",
            "id": "31168",
            "trust": 0.6
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-711",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "db": "PACKETSTORM",
            "id": "149781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-711"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17533"
          }
        ]
      },
      "id": "VAR-201810-0456",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:30:16.751000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://teltonika.lt/"
          },
          {
            "title": "Patch for TeltonikaRUT9XX Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/163897"
          },
          {
            "title": "Teltonika RUT9XX Repair measures for router cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85808"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-711"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17533"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/149781/teltonika-rut9xx-reflected-cross-site-scripting.html"
          },
          {
            "trust": 1.7,
            "url": "https://github.com/sbaresearch/advisories/tree/public/2018/sba-adv-20180410-01_teltonika_cross_site_scripting"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/fulldisclosure/2018/oct/29"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17533"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17533"
          },
          {
            "trust": 0.6,
            "url": "https://www.exploitalert.com/view-details.html?id=31168"
          },
          {
            "trust": 0.1,
            "url": "https://teltonika.lt/)"
          },
          {
            "trust": 0.1,
            "url": "http://\u003cip\u003e/cgi-bin/hotspotlogin.cgi?res=failed\u0026userurl=\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\u003cspan"
          },
          {
            "trust": 0.1,
            "url": "https://teltonika.lt/product/rut955/)"
          },
          {
            "trust": 0.1,
            "url": "http://\u003cip\u003e/cgi-bin/hotspotlogin.cgi\""
          },
          {
            "trust": 0.1,
            "url": "https://teltonika.lt/product/rut955/\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://wiki.teltonika.lt/index.php?title=rut9xx_firmware\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.sba-research.org/))"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "db": "PACKETSTORM",
            "id": "149781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-711"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17533"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "db": "PACKETSTORM",
            "id": "149781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-711"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17533"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "date": "2018-10-12T16:22:13",
            "db": "PACKETSTORM",
            "id": "149781"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-711"
          },
          {
            "date": "2018-10-15T19:29:01.837000",
            "db": "NVD",
            "id": "CVE-2018-17533"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18495"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-711"
          },
          {
            "date": "2024-11-21T03:54:33.783000",
            "db": "NVD",
            "id": "CVE-2018-17533"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-711"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Teltonika RUT9XX Router firmware cross-site scripting vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011053"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "xss",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "149781"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-711"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201810-0457

    Vulnerability from variot - Updated: 2024-11-23 22:26

    Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. Teltonika RUT9XX router firmware contains vulnerabilities related to authorization, privileges, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Teltonika RUT9XX routers (also known as LuCI) is a router product from Teltonika, Lithuania. There is an arbitrary command execution vulnerability in Teltonika RUT9XX with firmware version lower than 00.04.223 (note: this figure differs from the 00.04.233 given in the first sentence and in this entry's affected_products data).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0457",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rut900",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.04.233"
          },
          {
            "model": "rut950",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.04.233"
          },
          {
            "model": "rut955",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.04.233"
          },
          {
            "model": "rut9xx",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "teltonika",
            "version": "00.04.233"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17534"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut900_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut950_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut955_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          }
        ]
      },
      "cve": "CVE-2018-17534",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-17534",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.2,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 3.9,
                "id": "CNVD-2019-18496",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2018-17534",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-17534",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17534",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18496",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-712",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-712"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17534"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. Teltonika RUT9XX Router firmware contains vulnerabilities related to authorization, authority, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Teltonika RUT9XX routers (also known as LuCI) are a router product from Teltonika, Lithuania. There is an arbitrary command execution vulnerability in Teltonika RUT9XX with firmware version lower than 00.04.223",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17534"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17534",
            "trust": 3.0
          },
          {
            "db": "PACKETSTORM",
            "id": "149779",
            "trust": 2.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-712",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-712"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17534"
          }
        ]
      },
      "id": "VAR-201810-0457",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:26:08.921000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://teltonika.lt/"
          },
          {
            "title": "Patch of TeltonikaRUT9XX arbitrary command execution vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/163895"
          },
          {
            "title": "Teltonika RUT9XX Repair measures for router security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85809"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-712"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17534"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "http://packetstormsecurity.com/files/149779/teltonika-rut9xx-missing-access-control-to-uart-root-terminal.html"
          },
          {
            "trust": 1.6,
            "url": "http://seclists.org/fulldisclosure/2018/oct/28"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/sbaresearch/advisories/tree/public/2018/sba-adv-20180319-02_teltonika_incorrect_access_control"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17534"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17534"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-712"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17534"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-712"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17534"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-712"
          },
          {
            "date": "2018-10-15T19:29:02.070000",
            "db": "NVD",
            "id": "CVE-2018-17534"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18496"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-712"
          },
          {
            "date": "2024-11-21T03:54:33.980000",
            "db": "NVD",
            "id": "CVE-2018-17534"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-712"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Teltonika RUT9XX Vulnerabilities related to authorization, authority, and access control in router firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011054"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-712"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201810-0455

    Vulnerability from variot - Updated: 2024-11-23 22:12

    Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. Teltonika RUT9XX routers (also known as LuCI) are a router product from Teltonika, Lithuania.

    • Identifier : SBA-ADV-20180319-01
    • Type of Vulnerability : OS Command Injection
    • Software/Product Name : Teltonika RUT955
    • Vendor : Teltonika
    • Affected Versions : Firmware RUT9XX_R_00.04.172 and probably prior
    • Fixed in Version : RUT9XX_R_00.04.233
    • CVE ID : CVE-2018-17532
    • CVSSv3 Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    • CVSSv3 Base Score : 9.8 (Critical)

    Vendor Description

    RUT955 is a highly reliable and secure LTE router with I/O, GNSS and RS232/RS485 for professional applications. Router delivers high performance, mission-critical cellular communication and GPS location capabilities.

    Source: https://teltonika.lt/product/rut955/

    Impact

    An attacker can fully compromise the device by exploiting the vulnerabilities documented in this advisory. Sensitive data stored on or transmitted via the device might be exposed through this attack.

    We recommend upgrading to version RUT9XX_R_00.04.233 or newer, which includes fixes for the vulnerabilities described in this advisory. The affected scripts, autologin.cgi and hotspotlogin.cgi, are part of the coova-chilli captive portal. However, the vulnerabilities are exploitable regardless of the device configuration, even if no captive portal is configured, so leaving the captive portal unconfigured does not mitigate them.

    More concretely, the following parameters are vulnerable:

    • /cgi-bin/autologin.cgi
    • reply
    • uamport
    • challenge
    • userurl
    • res
    • reason
    • If res=success
      • uamip
      • uamport
      • userurl
    • /cgi-bin/hotspotlogin.cgi
    • If send=1
      • uamip
      • TelNum
      • challenge
      • uamport
      • userurl
    • If button=1 or (res=wispr and UserName=1)
      • uamport
      • uamip
    • If res=success or res=already or res=popup2
      • uamip
      • uamport
    • If res=logoff or res=popup3
      • uamip
      • uamport

    The affected scripts use these parameters to build OS commands via string concatenation without proper sanitization.

    The vulnerabilities are located in the source files hotspotlogin.cgi and landing_page_functions.lua, which is included from autologin.cgi and hotspotlogin.cgi.

    For example, it provides the function getParam, which directly passes the argument to io.popen:

    [...]
    -- Runs `string` as a command through io.popen and returns the first line
    -- of its output (h:read() with no format argument reads a single line).
    -- The argument reaches the shell unchanged: nothing in this function quotes,
    -- escapes or validates it, so every caller that assembles `string` from
    -- request parameters turns this helper into a command-injection sink.
    -- NOTE(review): the parameter is named `string`, which shadows Lua's string
    -- library inside the function body.
    function getParam(string)
            -- NOTE(review): the handle is used without a nil check.
            local h = io.popen(string)
            -- Returns nil when the command produced no output.
            local t = h:read()
            h:close()
            return t
    end
    [...]
    

    landing_page_functions.lua also provides the functions debug and get_ifname, which use os.execute and getParam in an insecure way:

    [...]
    -- Sends `string` to /usr/bin/logger (tag "hotspotlogin.cgi") when
    -- debug_enable equals 1.
    -- The message is concatenated into a shell command line between escaped
    -- double quotes; that quoting does not neutralise shell metacharacters in
    -- the value, so a message containing request data is interpreted by the
    -- shell rather than logged verbatim.
    -- NOTE(review): if this definition is global, it replaces Lua's standard
    -- `debug` library table; the parameter name also shadows `string`.
    function debug(string)
            if debug_enable == 1 then
                    -- Injection sink: caller-supplied text becomes part of the command.
                    os.execute("/usr/bin/logger -t hotspotlogin.cgi \""..string.."\"")
            end
    end
    [...]
    -- Looks up the interface that carries address `ip` by grepping the output
    -- of `ip addr`. The excerpt is truncated after the `ifname` default, so the
    -- return value is not visible here.
    -- `ip` is formatted straight into the command string that getParam hands to
    -- io.popen, with no check that it looks like an IP address.
    -- NOTE(review): `format` is unqualified here; presumably a local alias of
    -- string.format defined elsewhere in the file. Confirm.
    function get_ifname(ip)
            -- Injection sink: `ip` is interpolated into a shell pipeline.
            local result = getParam(format("ip addr | grep \"%s\"", ip))
            -- NOTE(review): getParam returns nil when grep prints nothing, and
            -- string.match raises an error on a nil subject.
            local tun = string.match(result, "(tun%d+)")
            local ifname = "wlan0"
    [...]
    

    For example, hotspotlogin.cgi makes use of the functions get_ifname and getParam. Occasionally, it also insecurely uses os.execute directly:

    [...]
    -- SMS one-time-password branch of hotspotlogin.cgi (excerpt; the enclosing
    -- blocks are not closed within the lines shown).
    -- Per the advisory text, uamip and TelNum arrive as request parameters and
    -- are used here without sanitization. Each getParam/os.execute call below
    -- builds a shell command by concatenation, so each one is a separate
    -- injection sink that a fix has to cover.
    if send and send ~= "" and tel_num then
            -- Sink 1: uamip is passed to get_ifname, which interpolates it into
            -- an `ip addr | grep` command line.
            local ifname = get_ifname(uamip)
            -- NOTE(review): a fixed "0000" is used when generate_code returns
            -- nothing, which makes the one-time password predictable in that case.
            local pass = generate_code(ifname) or "0000"
            -- Decodes a URL-encoded "+" ("%2B") in the phone number.
            tel_num = tel_num:gsub("%%2B", "+")
            -- Sink 2: tel_num and ifname are concatenated into a grep command.
            local exists = getParam("grep \"" ..tel_num.. "\" /etc/chilli/" .. ifname .. "/smsusers")
            local user = string.format("%s", pass)
            local uri = os.getenv("REQUEST_URI")
            -- The SMS body carries tel_num, uamip, REQUEST_URI, challenge,
            -- uamport and userurl, and embeds the password as UserName in the link.
            local message = string.format("%s Password - %s  \n Link - http://%s%s?challenge=%s&uamport=%s&uamip=%s&userurl=%s&UserName=%s&button=1", tel_num, pass, uamip, uri, challenge, uamport, uamip, userurl, pass)
            local smsotp_mesg=string.format("%s;%s", tel_num, pass)
            -- Sink 3: the whole SMS body, including the values above, is placed
            -- inside the gsmctl command line.
            message = getParam(string.format("/usr/sbin/gsmctl -Ss \"%s\"", message))
    
            if message == "OK" then
                    -- Sink 4: tel_num reaches the shell again through smsotp_mesg.
                    -- The phone number and password are also appended in clear
                    -- text to /tmp/smsotp.log.
                    os.execute("echo \""..smsotp_mesg.."\" >> /tmp/smsotp.log")
                    sms = "sent"
                    if exists then
                            -- Sink 5: `exists` (a line read back from the
                            -- smsusers file) and ifname are spliced into a sed
                            -- expression and a file path.
                            os.execute("sed -i 's/" ..exists.. "/" ..user.. "/g' /etc/chilli/" .. ifname .. "/smsusers")
                    else
                            -- Sink 6: ifname is spliced into the redirect target.
                            os.execute("echo \"" ..user.. "\" >>/etc/chilli/" .. ifname .. "/smsusers")
                    end
    [...]
    

    In one of the first lines of the above code snippet, hotspotlogin.cgi calls get_ifname with unsanitized user input from the parameter uamip. A few lines later it calls getParam with unsanitized user input from the parameter TelNum. In a further call to getParam it uses more unsanitized user input.

    There are further locations that call insecure functions like debug and get_ifname, either directly or indirectly, with user input from the scripts autologin.cgi and hotspotlogin.cgi.

    Proof-of-Concept

    For example, an attacker can exploit this vulnerability by manipulating the uamip parameter:

    curl -v -o /dev/null "http://$IP/cgi-bin/hotspotlogin.cgi" -d 'send=1&uamip="; id >/tmp/test #'
    

    The device executes the commands with root privileges:

    # cat /tmp/test
    uid=0(root) gid=0(root)
    

    Timeline

    • 2018-03-19 identification of vulnerability in version RUT9XX_R_00.04.84
    • 2018-04-10 detailed analysis of version RUT9XX_R_00.04.161
    • 2018-04-16 re-test of version RUT9XX_R_00.04.172
    • 2018-04-16 initial vendor contact through public address
    • 2018-04-18 vendor response with security contact
    • 2018-04-19 disclosed vulnerability to vendor security contact
    • 2018-04-26 vendor released fix in version RUT9XX_R_00.04.233
    • 2018-07-09 re-test of version RUT9XX_R_00.05.00.5
    • 2018-09-25 request CVE from MITRE
    • 2018-09-26 MITRE assigned CVE-2018-17532
    • 2018-10-11 public disclosure

    References

    Credits


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0455",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rut900",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.04.233"
          },
          {
            "model": "rut950",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.04.233"
          },
          {
            "model": "rut955",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "00.04.233"
          },
          {
            "model": "rut9xx",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "teltonika",
            "version": "00.04.233"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17532"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut900_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut950_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut955_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "David Gnedt",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "149777"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2018-17532",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-17532",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-18494",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-17532",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-17532",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-17532",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18494",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-710",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-17532",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-710"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17532"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. TeltonikaRUT9XXrouters (also known as LuCI) is a router product from Teltonika, Lithuania. \n\n* **Identifier**            : SBA-ADV-20180319-01\n* **Type of Vulnerability** : OS Command Injection\n* **Software/Product Name** : [Teltonika RUT955](https://teltonika.lt/product/rut955/)\n* **Vendor**                : [Teltonika](https://teltonika.lt/)\n* **Affected Versions**     : Firmware RUT9XX_R_00.04.172 and probably prior\n* **Fixed in Version**      : RUT9XX_R_00.04.233\n* **CVE ID**                : CVE-2018-17532\n* **CVSSv3 Vector**         : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n* **CVSSv3 Base Score**     : 9.8 (Critical)\n\n## Vendor Description ##\n\n\u003e RUT955 is a highly reliable and secure LTE router with I/O, GNSS and\n\u003e RS232/RS485 for professional applications. Router delivers high\n\u003e performance, mission-critical cellular communication and GPS location\n\u003e capabilities. \n\nSource: \u003chttps://teltonika.lt/product/rut955/\u003e\n\n## Impact ##\n\nAn attacker can fully compromise the device, by exploiting the\nvulnerabilities documented in this advisory. Sensitive data stored or\ntransmitted via the device might get exposed through this attack. \n\nWe recommend upgrading to version RUT9XX_R_00.04.233 or newer, which\nincludes fixes for the vulnerabilities described in this advisory. The scripts are\npart of the coova-chilli captive portal. However, the vulnerabilities\nare exploitable regardless of the device configuration, even if no\ncaptive portal is configured. 
\n\nMore concretely, the following parameters are vulnerable:\n\n* `/cgi-bin/autologin.cgi`\n  * reply\n  * uamport\n  * challenge\n  * userurl\n  * res\n  * reason\n  * *If* res=success\n    * uamip\n    * uamport\n    * userurl\n* `/cgi-bin/hotspotlogin.cgi`\n  * *If* send=1\n    * uamip\n    * TelNum\n    * challenge\n    * uamport\n    * userurl\n  * *If* button=1 or (res=wispr and UserName=1)\n    * uamport\n    * uamip\n  * *If* res=success or res=already or res=popup2\n    * uamip\n    * uamport\n  * *If* res=logoff or res=popup3\n    * uamip\n    * uamport\n\nThe affected scripts use these parameters to build OS commands via\nstring concatenation without proper sanitization. \n\nThe vulnerabilities are located in the source files `hotspotlogin.cgi`\nand `landing_page_functions.lua`, which is included from `autologin.cgi`\nand `hotspotlogin.cgi`. \n\nFor example, it provides the function `getParam`, which directly passes\nthe argument to `io.popen`:\n\n```lua\n[...]\nfunction getParam(string)\n        local h = io.popen(string)\n        local t = h:read()\n        h:close()\n        return t\nend\n[...]\n```\n\n`landing_page_functions.lua` also provides the functions `debug` and\n`get_ifname`, which use `os.execute` and `getParam` in an insecure way:\n\n```lua\n[...]\nfunction debug(string)\n        if debug_enable == 1 then\n                os.execute(\"/usr/bin/logger -t hotspotlogin.cgi \\\"\"..string..\"\\\"\")\n        end\nend\n[...]\nfunction get_ifname(ip)\n        local result = getParam(format(\"ip addr | grep \\\"%s\\\"\", ip))\n        local tun = string.match(result, \"(tun%d+)\")\n        local ifname = \"wlan0\"\n[...]\n```\n\nFor example, `hotspotlogin.cgi` makes use of the functions `get_ifname` and\n`getParam`. 
Occasionally, it also insecurely uses `os.execute` directly:\n\n```lua\n[...]\nif send and send ~= \"\" and tel_num then\n        local ifname = get_ifname(uamip)\n        local pass = generate_code(ifname) or \"0000\"\n        tel_num = tel_num:gsub(\"%%2B\", \"+\")\n        local exists = getParam(\"grep \\\"\" ..tel_num.. \"\\\" /etc/chilli/\" .. ifname .. \"/smsusers\")\n        local user = string.format(\"%s\", pass)\n        local uri = os.getenv(\"REQUEST_URI\")\n        local message = string.format(\"%s Password - %s  \\n Link - http://%s%s?challenge=%s\u0026uamport=%s\u0026uamip=%s\u0026userurl=%s\u0026UserName=%s\u0026button=1\", tel_num, pass, uamip, uri, challenge, uamport, uamip, userurl, pass)\n        local smsotp_mesg=string.format(\"%s;%s\", tel_num, pass)\n        message = getParam(string.format(\"/usr/sbin/gsmctl -Ss \\\"%s\\\"\", message))\n\n        if message == \"OK\" then\n                os.execute(\"echo \\\"\"..smsotp_mesg..\"\\\" \u003e\u003e /tmp/smsotp.log\")\n                sms = \"sent\"\n                if exists then\n                        os.execute(\"sed -i \u0027s/\" ..exists.. \"/\" ..user.. \"/g\u0027 /etc/chilli/\" .. ifname .. \"/smsusers\")\n                else\n                        os.execute(\"echo \\\"\" ..user.. \"\\\" \u003e\u003e/etc/chilli/\" .. ifname .. \"/smsusers\")\n                end\n[...]\n```\n\nIn one of the first lines of the above code snippet, `hotspotlogin.cgi`\ncalls `get_ifname` with unsanitized user input from the parameter\n`uamip`. A few lines later it calls `getParam` with unsanitized user\ninput from the parameter `TelNum`. In a further call to `getParam` it\nuses more unsanitized user input. \n\nThere are futher locations that call insecure functions like `debug`\nand `get_ifname` either directly or indirectly with user input from the\nscripts `autologin.cgi` and `hotspotlogin.cgi`. 
\n\n## Proof-of-Concept ##\n\nFor example, an attacker can exploit this vulnerability by manipulating\nthe `uamip` parameter:\n\n```sh\ncurl -v -o /dev/null \"http://$IP/cgi-bin/hotspotlogin.cgi\" -d \u0027send=1\u0026uamip=\"; id \u003e/tmp/test #\u0027\n```\n\nThe device executes the commands with root privileges:\n\n```bash\n# cat /tmp/test\nuid=0(root) gid=0(root)\n```\n\n## Timeline ##\n\n* `2018-03-19` identification of vulnerability in version RUT9XX_R_00.04.84\n* `2018-04-10` detailed analysis of version RUT9XX_R_00.04.161\n* `2018-04-16` re-test of version RUT9XX_R_00.04.172\n* `2018-04-16` initial vendor contact through public address\n* `2018-04-18` vendor response with security contact\n* `2018-04-19` disclosed vulnerability to vendor security contact\n* `2018-04-26` vendor released fix in version RUT9XX_R_00.04.233\n* `2018-07-09` re-test of version RUT9XX_R_00.05.00.5\n* `2018-09-25` request CVE from MITRE\n* `2018-09-26` MITRE assigned CVE-2018-17532\n* `2018-10-11` public disclosure\n\n## References ##\n\n* Firmware Changelog: \u003chttps://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware\u003e\n\n## Credits ##\n\n* David Gnedt ([SBA Research](https://www.sba-research.org/))\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-17532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17532"
          },
          {
            "db": "PACKETSTORM",
            "id": "149777"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-17532",
            "trust": 3.2
          },
          {
            "db": "PACKETSTORM",
            "id": "149777",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-710",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17532",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "db": "PACKETSTORM",
            "id": "149777"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-710"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17532"
          }
        ]
      },
      "id": "VAR-201810-0455",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          }
        ],
        "trust": 1.6
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:12:19.248000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://teltonika.lt/"
          },
          {
            "title": "TeltonikaRUT9XXOS command injection vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/163899"
          },
          {
            "title": "Teltonika RUT9XX Repair measures for router operating system command injection vulnerability",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85807"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-710"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17532"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://packetstormsecurity.com/files/149777/teltonika-rut9xx-unauthenticated-os-command-injection.html"
          },
          {
            "trust": 1.8,
            "url": "https://github.com/sbaresearch/advisories/tree/public/2018/sba-adv-20180319-01_teltonika_os_command_injection"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2018/oct/27"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17532"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17532"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://teltonika.lt/)"
          },
          {
            "trust": 0.1,
            "url": "https://teltonika.lt/product/rut955/)"
          },
          {
            "trust": 0.1,
            "url": "http://%s%s?challenge=%s\u0026uamport=%s\u0026uamip=%s\u0026userurl=%s\u0026username=%s\u0026button=1\","
          },
          {
            "trust": 0.1,
            "url": "https://teltonika.lt/product/rut955/\u003e"
          },
          {
            "trust": 0.1,
            "url": "http://$ip/cgi-bin/hotspotlogin.cgi\""
          },
          {
            "trust": 0.1,
            "url": "https://wiki.teltonika.lt/index.php?title=rut9xx_firmware\u003e"
          },
          {
            "trust": 0.1,
            "url": "https://www.sba-research.org/))"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "db": "PACKETSTORM",
            "id": "149777"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-710"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17532"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-17532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "db": "PACKETSTORM",
            "id": "149777"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-710"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-17532"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          },
          {
            "date": "2018-10-15T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-17532"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "date": "2018-10-12T16:16:15",
            "db": "PACKETSTORM",
            "id": "149777"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-710"
          },
          {
            "date": "2018-10-15T19:29:01.617000",
            "db": "NVD",
            "id": "CVE-2018-17532"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18494"
          },
          {
            "date": "2018-11-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-17532"
          },
          {
            "date": "2019-01-04T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          },
          {
            "date": "2018-10-16T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-710"
          },
          {
            "date": "2024-11-21T03:54:33.640000",
            "db": "NVD",
            "id": "CVE-2018-17532"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "149777"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-710"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Teltonika RUT9XX In router firmware  OS Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-011063"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-710"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201906-1115

    Vulnerability from variot - Updated: 2024-11-23 21:52

    An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to log in without limitation. For every successful login request, the application saves a session. A user can log in again without logging out, and each time the application stores another session in memory. Exploitation of this vulnerability will increase memory use and consume free space. The Teltonika RTU950 device contains a vulnerability related to the use of freed memory, which may lead to interruption of service operation (DoS). Note that the behaviour described here, sessions accumulating in memory on repeated logins, is unbounded resource consumption; the use-of-freed-memory wording follows the record's CWE-416 classification. Teltonika RUT950 is an LTE router product from Teltonika, Lithuania. A security vulnerability exists in the Teltonika RTU950 R_31.04.89 release.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201906-1115",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rut950",
            "scope": "eq",
            "trust": 1.8,
            "vendor": "teltonika",
            "version": "r_31.04.89"
          },
          {
            "model": "rtu950 r 31.04.89",
            "scope": null,
            "trust": 0.6,
            "vendor": "teltonika",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19878"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut950_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          }
        ]
      },
      "cve": "CVE-2018-19878",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-19878",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-18738",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 6.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "VHN-130581",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-19878",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19878",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19878",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-18738",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-744",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-130581",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-744"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19878"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space. Teltonika RTU950 The device contains a vulnerability related to the use of freed memory.Service operation interruption (DoS) There is a possibility of being put into a state. TeltonikaRUT950 is a LET router product from Teltonika, Lithuania. There is a security vulnerability in the TeltonikaRTU950R_31.04.89 release",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130581"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19878",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-744",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-18738",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-130581",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-744"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19878"
          }
        ]
      },
      "id": "VAR-201906-1115",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130581"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:52:09.059000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://teltonika.lt/"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-416",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-130581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19878"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19878"
          },
          {
            "trust": 1.7,
            "url": "https://www.triadsec.com/cve-2018-19878.pdf"
          },
          {
            "trust": 1.1,
            "url": "https://www.triadsec.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19878"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-744"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19878"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130581"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-744"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19878"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-130581"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          },
          {
            "date": "2019-06-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-744"
          },
          {
            "date": "2019-06-19T16:15:10.937000",
            "db": "NVD",
            "id": "CVE-2018-19878"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-20T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-18738"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-130581"
          },
          {
            "date": "2019-06-25T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-744"
          },
          {
            "date": "2024-11-21T03:58:44.323000",
            "db": "NVD",
            "id": "CVE-2018-19878"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-744"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Teltonika RTU950 Vulnerability related to using freed memory on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015714"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-744"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201903-1433

    Vulnerability from variot - Updated: 2024-11-23 21:37

    An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password. Teltonika RTU9XX devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Teltonika RUT9XX (LuCI) is an LTE router product from Teltonika, Lithuania. There is a security vulnerability in /cgi-bin/luci in Teltonika RTU9XX R_31.04.89 before R_00.05.00.5.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201903-1433",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rut950",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "r_31.04.89"
          },
          {
            "model": "rut950",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "teltonika",
            "version": "r_00.05.00.5"
          },
          {
            "model": "rut950",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "teltonika",
            "version": "r_31.04.89"
          },
          {
            "model": "rtu9xx r 31.04.89",
            "scope": null,
            "trust": 0.6,
            "vendor": "teltonika",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19879"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:teltonika:rut950_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          }
        ]
      },
      "cve": "CVE-2018-19879",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-19879",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-09285",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-130582",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-19879",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "cve@mitre.org",
                "availabilityImpact": "LOW",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-19879",
                "impactScore": 3.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-19879",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "cve@mitre.org",
                "id": "CVE-2018-19879",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-19879",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-09285",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201903-1142",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-130582",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130582"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-1142"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19879"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19879"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user\u0027s password. Teltonika RTU9XX The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TeltonikaRUT9XX (LuCI) is a LET router product from Teltonika, Lithuania. There is a security vulnerability in /cgi-bin/luci in version R_31.04.89 prior to TeltonikaRTU9XXR_00.05.00.5",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-19879"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130582"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-19879",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-1142",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-130582",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130582"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-1142"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19879"
          }
        ]
      },
      "id": "VAR-201903-1433",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130582"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          }
        ]
      },
      "last_update_date": "2024-11-23T21:37:34.087000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "RUT9xx Firmware",
            "trust": 0.8,
            "url": "https://wiki.teltonika.lt/index.php?title=RUT9xx_Firmware"
          },
          {
            "title": "Patch for TeltonikaRUT9XX authentication vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/158263"
          },
          {
            "title": "Teltonika RUT9XX Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=90552"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-1142"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-307",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-255",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-130582"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19879"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19879"
          },
          {
            "trust": 1.7,
            "url": "https://wiki.teltonika.lt/index.php?title=rut9xx_firmware"
          },
          {
            "trust": 1.7,
            "url": "https://www.triadsec.com/cve-2018-19879.pdf"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19879"
          },
          {
            "trust": 0.6,
            "url": "https://www.triadsec.com/cve-2018-19878.pdf"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130582"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-1142"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19879"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "db": "VULHUB",
            "id": "VHN-130582"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-1142"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-19879"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-01T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "date": "2019-03-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-130582"
          },
          {
            "date": "2019-05-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "date": "2019-03-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-1142"
          },
          {
            "date": "2019-03-28T17:29:00.427000",
            "db": "NVD",
            "id": "CVE-2018-19879"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-07T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-09285"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-130582"
          },
          {
            "date": "2019-05-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          },
          {
            "date": "2020-08-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-1142"
          },
          {
            "date": "2024-11-21T03:58:44.470000",
            "db": "NVD",
            "id": "CVE-2018-19879"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-1142"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Teltonika RTU9XX Vulnerabilities related to certificate and password management in devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015225"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-1142"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202305-2096

    Vulnerability from variot - Updated: 2024-08-14 13:52

    Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. Multiple teltonika-networks products (rut200 firmware, rut240 firmware, rut241 firmware, etc.) contain vulnerabilities related to external control of system configuration or settings. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-2096",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rut951",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rutxr1",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutxr1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rut200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rut901",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rutx09",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rutx10",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rut950",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rut955",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rutx50",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rutx08",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rut300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rutx12",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rut240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rutx14",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rut360",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rut956",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rutx14",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutx50",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rutx11",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03.4"
          },
          {
            "model": "rut360",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutxr1",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx14",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx09",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx11",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut901",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut955",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx12",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut240",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut241",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut956",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut951",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx08",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx50",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut300",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut200",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx10",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut950",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32349"
          }
        ]
      },
      "cve": "CVE-2023-32349",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32349",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2023-32349",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-32349",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32349",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2023-32349",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32349",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202305-1332",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1332"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32349"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32349"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "\nVersion 00.07.03.4 and prior of Teltonika\u2019s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. Affected products include rut200 firmware, rut240 firmware, rut241 firmware and others. These teltonika-networks products contain vulnerabilities related to external control of system configuration or settings. Information may be obtained or tampered with, and the product may be put into a denial-of-service (DoS) state.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32349"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32349"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32349",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-131-08",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU99158491",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007331",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.2725",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1332",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32349",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-32349"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1332"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32349"
          }
        ]
      },
      "id": "VAR-202305-2096",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5
      },
      "last_update_date": "2024-08-14T13:52:30.037000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Teltonika RUT router Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=240038"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1332"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-15",
            "trust": 1.0
          },
          {
            "problemtype": "External control of system configuration or settings (CWE-15) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32349"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99158491/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32349"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.2725"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-32349/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/15.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-32349"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1332"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32349"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-32349"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1332"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32349"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-32349"
          },
          {
            "date": "2023-11-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          },
          {
            "date": "2023-05-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202305-1332"
          },
          {
            "date": "2023-05-22T16:15:10.420000",
            "db": "NVD",
            "id": "CVE-2023-32349"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-32349"
          },
          {
            "date": "2023-11-21T08:07:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          },
          {
            "date": "2023-06-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202305-1332"
          },
          {
            "date": "2023-06-01T17:54:27.743000",
            "db": "NVD",
            "id": "CVE-2023-32349"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1332"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerabilities related to external control of system configuration or settings in multiple teltonika-networks products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007331"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1332"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202305-2099

    Vulnerability from variot - Updated: 2024-08-14 13:52

    Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload. Affected products include rut200 firmware, rut240 firmware, rut241 firmware and others. An affected device may be put into a denial-of-service (DoS) state.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202305-2099",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "rut240",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rutx14",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut360",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut951",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut955",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutx10",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutx50",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rutxr1",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutx12",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut956",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutx11",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rutxr1",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut950",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut240",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut901",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut951",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut200",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rutx08",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutx50",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut241",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut300",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutx09",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut950",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rutx14",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut360",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut955",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut241",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rutx08",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rutx10",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut200",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut901",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutx12",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rut956",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.03"
          },
          {
            "model": "rutx09",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rutx11",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "teltonika",
            "version": "00.07.00"
          },
          {
            "model": "rut360",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutxr1",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx14",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx09",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx11",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut901",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut955",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx12",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut240",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut241",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut956",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut951",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx08",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx50",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut300",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut200",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rutx10",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          },
          {
            "model": "rut950",
            "scope": null,
            "trust": 0.8,
            "vendor": "teltonika",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32350"
          }
        ]
      },
      "cve": "CVE-2023-32350",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2023-32350",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "ics-cert@hq.dhs.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.0,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.1,
                "id": "CVE-2023-32350",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2023-32350",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2023-32350",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "ics-cert@hq.dhs.gov",
                "id": "CVE-2023-32350",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2023-32350",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202305-1325",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1325"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32350"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32350"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "\nVersions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload. Affected products include rut200 firmware, rut240 firmware, rut241 firmware, etc. The affected device may be left in a denial-of-service (DoS) state.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2023-32350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32350"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2023-32350",
            "trust": 3.3
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-23-131-08",
            "trust": 2.5
          },
          {
            "db": "JVN",
            "id": "JVNVU99158491",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007330",
            "trust": 0.8
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2023.2725",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1325",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2023-32350",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-32350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1325"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32350"
          }
        ]
      },
      "id": "VAR-202305-2099",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.5
      },
      "last_update_date": "2024-08-14T13:52:30.011000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Teltonika RUT router Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=238581"
          }
        ],
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1325"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32350"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu99158491/"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2023-32350"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2023-32350/"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2023.2725"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/78.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2023-32350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1325"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32350"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2023-32350"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1325"
          },
          {
            "db": "NVD",
            "id": "CVE-2023-32350"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-32350"
          },
          {
            "date": "2023-11-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          },
          {
            "date": "2023-05-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202305-1325"
          },
          {
            "date": "2023-05-22T16:15:10.497000",
            "db": "NVD",
            "id": "CVE-2023-32350"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2023-05-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2023-32350"
          },
          {
            "date": "2023-11-21T08:07:00",
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          },
          {
            "date": "2023-06-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202305-1325"
          },
          {
            "date": "2023-06-01T17:55:09.873000",
            "db": "NVD",
            "id": "CVE-2023-32350"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1325"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in multiple teltonika-networks products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2023-007330"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202305-1325"
          }
        ],
        "trust": 0.6
      }
    }