CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
30.7%
Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.
Vendor | Product | Version | CPE |
---|---|---|---|
teltonika-networks | rut200_firmware | * | cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut200 | - | cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:* |
teltonika-networks | rut240_firmware | * | cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut240 | - | cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:* |
teltonika-networks | rut241_firmware | * | cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut241 | - | cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:* |
teltonika-networks | rut300_firmware | * | cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut300 | - | cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:* |
teltonika-networks | rut360_firmware | * | cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut360 | - | cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "RUT model routers",
"vendor": "Teltonika",
"versions": [
{
"lessThanOrEqual": "00.07.03",
"status": "affected",
"version": "00.07.00",
"versionType": "custom"
}
]
}
]