CVE-2023-32350

Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function, which calls a user-provided package name, by providing instead a package whose malicious name contains an OS command injection payload.
References
Link: https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08
Resource: Third Party Advisory, US Government Resource
Configurations

Configuration 1

AND
cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:teltonika-networks:rut901_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut901:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:teltonika-networks:rut950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut950:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:teltonika-networks:rut951_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut951:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:teltonika-networks:rut955_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut955:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:teltonika-networks:rut956_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut956:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:teltonika-networks:rutx08_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx08:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:teltonika-networks:rutx09_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx09:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:teltonika-networks:rutx10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx10:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:teltonika-networks:rutx11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx11:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:teltonika-networks:rutx12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx12:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:teltonika-networks:rutx14_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx14:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:teltonika-networks:rutx50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx50:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:teltonika-networks:rutxr1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutxr1:-:*:*:*:*:*:*:*

History

01 Jun 2023, 17:55

Type: First Time
Values Added:
Teltonika-networks rutx14
Teltonika-networks rut955
Teltonika-networks rut955 Firmware
Teltonika-networks rutx14 Firmware
Teltonika-networks rut950
Teltonika-networks rut241
Teltonika-networks rutx10
Teltonika-networks rut950 Firmware
Teltonika-networks rutx11 Firmware
Teltonika-networks rutx08 Firmware
Teltonika-networks rutxr1
Teltonika-networks rutx12
Teltonika-networks rutx10 Firmware
Teltonika-networks rut956 Firmware
Teltonika-networks rut360
Teltonika-networks rutx09 Firmware
Teltonika-networks rut360 Firmware
Teltonika-networks rutx09
Teltonika-networks rut901
Teltonika-networks rut241 Firmware
Teltonika-networks rut951 Firmware
Teltonika-networks rut300
Teltonika-networks rut200
Teltonika-networks rut200 Firmware
Teltonika-networks rut956
Teltonika-networks rut951
Teltonika-networks rut901 Firmware
Teltonika-networks rutx11
Teltonika-networks rutx08
Teltonika-networks rutx50 Firmware
Teltonika-networks rut240
Teltonika-networks rutx50
Teltonika-networks rutxr1 Firmware
Teltonika-networks rut300 Firmware
Teltonika-networks rut240 Firmware
Teltonika-networks rutx12 Firmware
Teltonika-networks
Type: References
Values Removed: (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 -
Values Added: (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource
Type: CVSS
Values Removed: v2 : unknown, v3 : unknown
Values Added: v2 : unknown, v3 : 8.8
Type: CPE
Values Added:
cpe:2.3:o:teltonika-networks:rutx12_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx12:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx11_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut955:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx11:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx14:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut950:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut956_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx50_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut901_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx50:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx09_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut951_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx08_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx10:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx08:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutxr1_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut951:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut950_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx14_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut956:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutxr1:-:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rutx09:-:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rutx10_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut955_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:teltonika-networks:rut901:-:*:*:*:*:*:*:*

Information

Published : 2023-05-22 16:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-32350

Mitre link : CVE-2023-32350

CVE.ORG link : CVE-2023-32350



Products Affected

teltonika-networks

  • rut955_firmware
  • rut360_firmware
  • rutx14_firmware
  • rutx12_firmware
  • rutx09
  • rutx12
  • rut241_firmware
  • rut950
  • rutx50
  • rut950_firmware
  • rut956_firmware
  • rut901
  • rutxr1
  • rut241
  • rut360
  • rut951
  • rutx11
  • rutx14
  • rutx10_firmware
  • rut240_firmware
  • rut240
  • rut200
  • rut901_firmware
  • rutx10
  • rutxr1_firmware
  • rut951_firmware
  • rutx50_firmware
  • rutx08_firmware
  • rut956
  • rut955
  • rut300
  • rut200_firmware
  • rutx08
  • rutx09_firmware
  • rut300_firmware
  • rutx11_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')