CVE-2023-32349

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-32349
Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.

8.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:teltonika-networks:rut901_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut901:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:teltonika-networks:rut950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut950:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:teltonika-networks:rut951_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut951:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:teltonika-networks:rut955_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut955:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:teltonika-networks:rut956_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut956:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:teltonika-networks:rutx08_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx08:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:teltonika-networks:rutx09_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx09:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:teltonika-networks:rutx10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx10:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:teltonika-networks:rutx11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx11:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:teltonika-networks:rutx12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx12:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:teltonika-networks:rutx14_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx14:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:teltonika-networks:rutx50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx50:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:teltonika-networks:rutxr1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutxr1:-:*:*:*:*:*:*:*
History

21 Nov 2024, 08:03

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : 8.0
References () https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource () https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource

01 Jun 2023, 17:54

Type Values Removed Values Added
CPE cpe:2.3:o:teltonika-networks:rutx12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx12:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut955:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx11:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx14:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut950:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut956_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut901_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx50:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx09_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut951_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx08_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx10:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx08:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutxr1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut951:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx14_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut956:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutxr1:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx09:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut955_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut901:-:*:*:*:*:*:*:*
First Time Teltonika-networks rutx14
Teltonika-networks rut955
Teltonika-networks rut955 Firmware
Teltonika-networks rutx14 Firmware
Teltonika-networks rut950
Teltonika-networks rut241
Teltonika-networks rutx10
Teltonika-networks rut950 Firmware
Teltonika-networks rutx11 Firmware
Teltonika-networks rutx08 Firmware
Teltonika-networks rutxr1
Teltonika-networks rutx12
Teltonika-networks rutx10 Firmware
Teltonika-networks rut956 Firmware
Teltonika-networks rut360
Teltonika-networks rutx09 Firmware
Teltonika-networks rut360 Firmware
Teltonika-networks rutx09
Teltonika-networks rut901
Teltonika-networks rut241 Firmware
Teltonika-networks rut951 Firmware
Teltonika-networks rut300
Teltonika-networks rut200
Teltonika-networks rut200 Firmware
Teltonika-networks rut956
Teltonika-networks rut951
Teltonika-networks rut901 Firmware
Teltonika-networks rutx11
Teltonika-networks rutx08
Teltonika-networks rutx50 Firmware
Teltonika-networks rut240
Teltonika-networks rutx50
Teltonika-networks rutxr1 Firmware
Teltonika-networks rut300 Firmware
Teltonika-networks rut240 Firmware
Teltonika-networks rutx12 Firmware
Teltonika-networks
References (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8

01 Jun 2023, 01:15

Type Values Removed Values Added
Summary Versions 00.07.00 through 00.07.03.4 of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.
Information

Published : 2023-05-22 16:15

Updated : 2024-11-21 08:03

NVD link : CVE-2023-32349

Mitre link : CVE-2023-32349

CVE.ORG link : CVE-2023-32349

JSON object : View

Products Affected

teltonika-networks

  • rut955
  • rut955_firmware
  • rut950_firmware
  • rutx08_firmware
  • rut360_firmware
  • rut956_firmware
  • rut300_firmware
  • rutx11
  • rutx10_firmware
  • rut951
  • rut240
  • rut200_firmware
  • rut300
  • rutx11_firmware
  • rut241
  • rutx12
  • rutxr1
  • rutx14_firmware
  • rut901
  • rut360
  • rut241_firmware
  • rutx50
  • rutx09_firmware
  • rutx12_firmware
  • rutx08
  • rut950
  • rut951_firmware
  • rutx09
  • rutx10
  • rutx14
  • rutx50_firmware
  • rut200
  • rut956
  • rut240_firmware
  • rut901_firmware
  • rutxr1_firmware
CWE
CWE-15

External Control of System or Configuration Setting


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024