CVE-2023-32350
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
22/05/2023
Last modified:
01/06/2023
Description
<br />
Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.<br />
<br />
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:* | 00.07.00 (including) | 00.07.03 (including) |
| cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:* | 00.07.00 (including) | 00.07.03 (including) |
| cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:* | 00.07.00 (including) | 00.07.03 (including) |
| cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:* | 00.07.00 (including) | 00.07.03 (including) |
| cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:* | 00.07.00 (including) | 00.07.03 (including) |
| cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:teltonika-networks:rut901_firmware:*:*:*:*:*:*:*:* | 00.07.00 (including) | 00.07.03 (including) |
| cpe:2.3:h:teltonika-networks:rut901:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:teltonika-networks:rut950_firmware:*:*:*:*:*:*:*:* | 00.07.00 (including) | 00.07.03 (including) |
| cpe:2.3:h:teltonika-networks:rut950:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:teltonika-networks:rut951_firmware:*:*:*:*:*:*:*:* | 00.07.00 (including) | 00.07.03 (including) |
To consult the complete list of CPE names with products and versions, see this page