CVE-2023-32350

Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.

CVSS v3 8.0 HIGH

8.0^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08	Third Party Advisory US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:teltonika-networks:rut901_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut901:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:teltonika-networks:rut950_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut950:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:teltonika-networks:rut951_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut951:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:teltonika-networks:rut955_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut955:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:teltonika-networks:rut956_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rut956:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:teltonika-networks:rutx08_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rutx08:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:teltonika-networks:rutx09_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rutx09:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:teltonika-networks:rutx10_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rutx10:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:teltonika-networks:rutx11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rutx11:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:teltonika-networks:rutx12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rutx12:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:teltonika-networks:rutx14_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rutx14:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:teltonika-networks:rutx50_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rutx50:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:teltonika-networks:rutxr1_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:teltonika-networks:rutxr1:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:03

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 8.0
References	~~() https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource

01 Jun 2023, 17:55

Type	Values Removed	Values Added
References	~~(MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 -~~	(MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:o:teltonika-networks:rutx12_firmware:::::::: cpe:2.3:h:teltonika-networks:rutx12:-:::::::* cpe:2.3:o:teltonika-networks:rutx11_firmware:::::::: cpe:2.3:h:teltonika-networks:rut955:-:::::::* cpe:2.3:h:teltonika-networks:rutx11:-:::::::* cpe:2.3:h:teltonika-networks:rut241:-:::::::* cpe:2.3:h:teltonika-networks:rutx14:-:::::::* cpe:2.3:h:teltonika-networks:rut950:-:::::::* cpe:2.3:o:teltonika-networks:rut956_firmware:::::::: cpe:2.3:o:teltonika-networks:rutx50_firmware:::::::: cpe:2.3:o:teltonika-networks:rut901_firmware:::::::: cpe:2.3:h:teltonika-networks:rut300:-:::::::* cpe:2.3:h:teltonika-networks:rutx50:-:::::::* cpe:2.3:h:teltonika-networks:rut360:-:::::::* cpe:2.3:o:teltonika-networks:rut240_firmware:::::::: cpe:2.3:o:teltonika-networks:rutx09_firmware:::::::: cpe:2.3:h:teltonika-networks:rut200:-:::::::* cpe:2.3:o:teltonika-networks:rut951_firmware:::::::: cpe:2.3:o:teltonika-networks:rutx08_firmware:::::::: cpe:2.3:h:teltonika-networks:rutx10:-:::::::* cpe:2.3:o:teltonika-networks:rut360_firmware:::::::: cpe:2.3:h:teltonika-networks:rutx08:-:::::::* cpe:2.3:o:teltonika-networks:rutxr1_firmware:::::::: cpe:2.3:h:teltonika-networks:rut240:-:::::::* cpe:2.3:h:teltonika-networks:rut951:-:::::::* cpe:2.3:o:teltonika-networks:rut950_firmware:::::::: cpe:2.3:o:teltonika-networks:rutx14_firmware:::::::: cpe:2.3:h:teltonika-networks:rut956:-:::::::* cpe:2.3:h:teltonika-networks:rutxr1:-:::::::* cpe:2.3:h:teltonika-networks:rutx09:-:::::::* cpe:2.3:o:teltonika-networks:rutx10_firmware:::::::: cpe:2.3:o:teltonika-networks:rut200_firmware:::::::: cpe:2.3:o:teltonika-networks:rut300_firmware:::::::: cpe:2.3:o:teltonika-networks:rut955_firmware:::::::: cpe:2.3:o:teltonika-networks:rut241_firmware:::::::: cpe:2.3:h:teltonika-networks:rut901:-:::::::*
First Time		Teltonika-networks rutx14 Teltonika-networks rut955 Teltonika-networks rut955 Firmware Teltonika-networks rutx14 Firmware Teltonika-networks rut950 Teltonika-networks rut241 Teltonika-networks rutx10 Teltonika-networks rut950 Firmware Teltonika-networks rutx11 Firmware Teltonika-networks rutx08 Firmware Teltonika-networks rutxr1 Teltonika-networks rutx12 Teltonika-networks rutx10 Firmware Teltonika-networks rut956 Firmware Teltonika-networks rut360 Teltonika-networks rutx09 Firmware Teltonika-networks rut360 Firmware Teltonika-networks rutx09 Teltonika-networks rut901 Teltonika-networks rut241 Firmware Teltonika-networks rut951 Firmware Teltonika-networks rut300 Teltonika-networks rut200 Teltonika-networks rut200 Firmware Teltonika-networks rut956 Teltonika-networks rut951 Teltonika-networks rut901 Firmware Teltonika-networks rutx11 Teltonika-networks rutx08 Teltonika-networks rutx50 Firmware Teltonika-networks rut240 Teltonika-networks rutx50 Teltonika-networks rutxr1 Firmware Teltonika-networks rut300 Firmware Teltonika-networks rut240 Firmware Teltonika-networks rutx12 Firmware Teltonika-networks

Information

Published : 2023-05-22 16:15

Updated : 2024-11-21 08:03

NVD link : CVE-2023-32350

Mitre link : CVE-2023-32350

CVE.ORG link : CVE-2023-32350

JSON object : View

Products Affected

teltonika-networks

rutx14
rutxr1
rut200_firmware
rutx08_firmware
rut240_firmware
rutx10
rutx11
rutx50
rut950_firmware
rut901_firmware
rut241_firmware
rut901
rutx09_firmware
rut956
rut955_firmware
rut955
rut241
rut360_firmware
rut956_firmware
rut240
rut300_firmware
rut951
rutxr1_firmware
rut360
rutx12_firmware
rut951_firmware
rutx08
rutx12
rutx14_firmware
rut950
rutx11_firmware
rut200
rut300
rutx09
rutx10_firmware
rutx50_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

8.0 /10