Vulnerability Description
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. Because both CGI handlers are reachable without credentials, a remote attacker who can reach the router's web interface can execute arbitrary commands with root privileges, with no login required.
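The pattern behind this class of bug, as an added example that is not code from the router firmware or from any of the advisories below: a CGI-style handler that splices a request parameter into a shell command line (the insecure form), the same handler keeping the shell but quoting the value, and the preferred fix that validates the value against an allow-list and passes it as its own argv element so no shell ever parses it. The command, the field format and the two request values are assumptions for illustration only; nothing here reproduces the real parameters of autologin.cgi or hotspotlogin.cgi.

```python
import re
import shlex
import subprocess
from typing import Optional

# Constructed request values for illustration (not taken from the advisory).
BENIGN_INPUT = "guest"
INJECTED_INPUT = "guest; echo INJECTED"   # ';' terminates the intended command

# Hypothetical allow-list for a login-name style field: bounded length, safe characters.
SAFE_FIELD = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def vulnerable_handler(field: str) -> str:
    """Insecure pattern: the request parameter is concatenated into a command
    line and handed to /bin/sh, so the shell parses attacker-supplied text.
    Everything after ';' runs as a second command with the CGI's privileges
    (root on the routers described above)."""
    cmd = "echo login for " + field
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def quoted_handler(field: str) -> str:
    """If a shell really is unavoidable, shlex.quote turns the value into one
    shell word; metacharacters survive only as literal text in the output."""
    cmd = "echo login for " + shlex.quote(field)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_handler(field: str) -> Optional[str]:
    """Preferred fix: reject anything outside a strict allow-list (do not try
    to 'clean' it), then pass the value as its own argv element so the shell
    is never involved."""
    if not SAFE_FIELD.fullmatch(field):
        return None
    out = subprocess.run(["echo", "login for", field], capture_output=True, text=True)
    return out.stdout


if __name__ == "__main__":
    # Two lines of output: the second proves the injected command executed.
    print(repr(vulnerable_handler(INJECTED_INPUT)))
    # One line: the metacharacters are printed, not interpreted.
    print(repr(quoted_handler(INJECTED_INPUT)))
    # None: the value was refused before any command ran.
    print(hardened_handler(INJECTED_INPUT))
```

The allow-list plus argv form is the fix to reach for: quoting defends only the one shell invocation you remembered to quote, while an argv call cannot be broken out of regardless of what the value contains.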
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teltonika | Rut900 Firmware | < 00.04.233 |
| Teltonika | Rut900 | - |
| Teltonika | Rut950 Firmware | < 00.04.233 |
| Teltonika | Rut950 | - |
| Teltonika | Rut955 Firmware | < 00.04.233 |
| Teltonika | Rut955 | - |
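A triage helper for the table above, added here and not from Teltonika: it parses firmware versions in the dotted format the table uses ("00.04.233"), compares them numerically rather than as strings, and flags inventory rows whose model is one of the three listed and whose firmware predates the fixed release. The CSV layout, site names and version values are constructed for the example; a model outside the table is reported as out of scope for this CVE, not as safe.

```python
import csv
import io
from typing import List, Tuple

FIXED_VERSION = "00.04.233"                  # first release not affected, per the table
AFFECTED_MODELS = {"RUT900", "RUT950", "RUT955"}


def parse_version(version: str) -> Tuple[int, ...]:
    """'00.04.233' -> (0, 4, 233). Integer comparison avoids the string trap
    where '00.04.99' would sort after '00.04.233'."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected firmware version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(model: str, version: str) -> bool:
    """True only for a listed model running firmware older than FIXED_VERSION."""
    if model.upper() not in AFFECTED_MODELS:
        return False
    return parse_version(version) < parse_version(FIXED_VERSION)


# Constructed inventory (hypothetical sites and versions; 'OTHER' is a model not in the table).
INVENTORY_CSV = """\
site,model,firmware
branch-1,RUT955,00.04.199
branch-2,RUT950,00.04.233
branch-3,rut900,00.04.99
branch-4,OTHER,00.04.100
"""


def find_affected(inventory_csv: str) -> List[Tuple[str, str, str]]:
    """Return (site, model, firmware) for every row that still needs the upgrade."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [
        (r["site"], r["model"], r["firmware"])
        for r in rows
        if is_affected(r["model"], r["firmware"])
    ]


if __name__ == "__main__":
    for site, model, fw in find_affected(INVENTORY_CSV):
        print(f"{site}: {model} on {fw} must be upgraded to {FIXED_VERSION} or later")
```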
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/149777/Teltonika-RUT9XX-Unauthenticated-OS- (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2018/Oct/27 (Exploit, Mailing List, Third Party Advisory)
- https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_T (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-17532?
CVE-2018-17532 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization, allowing remote attackers to execute arbitrary commands with root privileges.
How severe is CVE-2018-17532?
CVE-2018-17532 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-17532?
Yes. The vulnerability affects firmware before 00.04.233, so upgrading affected RUT900, RUT950 and RUT955 devices to firmware 00.04.233 or later removes it. The references section above carries the third-party advisories and exploit details; until a device is upgraded, treat its web interface as exploitable by anyone who can reach it, since no credentials are needed.