Vulnerability Description
Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teltonika | Rut900 Firmware | < 00.04.233 |
| Teltonika | Rut900 | - |
| Teltonika | Rut950 Firmware | < 00.04.233 |
| Teltonika | Rut950 | - |
| Teltonika | Rut955 Firmware | < 00.04.233 |
| Teltonika | Rut955 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/149779/Teltonika-RUT9XX-Missing-Access-Cont (Exploit, Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2018/Oct/28 (Exploit, Mailing List, Third Party Advisory)
- https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02_T (Exploit, Third Party Advisory)
FAQ
What is CVE-2018-17534?
CVE-2018-17534 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary com...
How severe is CVE-2018-17534?
CVE-2018-17534 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-17534?
Check the references section above for vendor advisories and patch information. Affected products include: Teltonika Rut900 Firmware, Teltonika Rut900, Teltonika Rut950 Firmware, Teltonika Rut950, Teltonika Rut955 Firmware.