CVE-2018-19879 — HIGH (7.1)

Vulnerability Description

An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make login attempts to the application. An anonymous attacker has the ability to make unlimited login attempts with an automated tool. This ability could lead to cracking a targeted user's password.

CVSS Score

7.1

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Teltonika	Rut950 Firmware	r_31.04.89
Teltonika	Rut950	-

Related Weaknesses (CWE)

CWE-307

References

https://wiki.teltonika.lt/index.php?title=RUT9xx_FirmwareVendor Advisory
https://www.triadsec.com/CVE-2018-19879.pdfExploitThird Party Advisory
https://wiki.teltonika.lt/index.php?title=RUT9xx_FirmwareVendor Advisory
https://www.triadsec.com/CVE-2018-19879.pdfExploitThird Party Advisory

FAQ

What is CVE-2018-19879?

CVE-2018-19879 is a vulnerability with a CVSS score of 7.1 (HIGH). An issue was discovered in /cgi-bin/luci on Teltonika RTU9XX (e.g., RUT950) R_31.04.89 before R_00.05.00.5 devices. The authentication functionality is not protected from automated tools used to make ...

How severe is CVE-2018-19879?

CVE-2018-19879 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-19879?

Check the references section above for vendor advisories and patch information. Affected products include: Teltonika Rut950 Firmware, Teltonika Rut950.