CRITICAL · 9.8

CVE-2017-8116

Vulnerability Description

The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Teltonika | Rut900 Firmware | <= 00.03.265
Teltonika | Rut900 | -
Teltonika | Rut905 Firmware | <= 00.03.265
Teltonika | Rut905 | -
Teltonika | Rut950 Firmware | <= 00.03.265
Teltonika | Rut950 | -
Teltonika | Rut955 Firmware | <= 00.03.265
Teltonika | Rut955 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2017-8116?

CVE-2017-8116 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharac...

How severe is CVE-2017-8116?

CVE-2017-8116 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-8116?

Check the references section above for vendor advisories and patch information. Affected products include: Teltonika Rut900 Firmware, Teltonika Rut900, Teltonika Rut905 Firmware, Teltonika Rut905, Teltonika Rut950 Firmware.