CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
36.9%
Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.
Vendor | Product | Version | CPE |
---|---|---|---|
teltonika-networks | rut200_firmware | * | cpe:2.3:o:teltonika-networks:rut200_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut200 | - | cpe:2.3:h:teltonika-networks:rut200:-:*:*:*:*:*:*:* |
teltonika-networks | rut240_firmware | * | cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut240 | - | cpe:2.3:h:teltonika-networks:rut240:-:*:*:*:*:*:*:* |
teltonika-networks | rut241_firmware | * | cpe:2.3:o:teltonika-networks:rut241_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut241 | - | cpe:2.3:h:teltonika-networks:rut241:-:*:*:*:*:*:*:* |
teltonika-networks | rut300_firmware | * | cpe:2.3:o:teltonika-networks:rut300_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut300 | - | cpe:2.3:h:teltonika-networks:rut300:-:*:*:*:*:*:*:* |
teltonika-networks | rut360_firmware | * | cpe:2.3:o:teltonika-networks:rut360_firmware:*:*:*:*:*:*:*:* |
teltonika-networks | rut360 | - | cpe:2.3:h:teltonika-networks:rut360:-:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
36.9%