Vulnerability Description
Versions 00.07.03.4 and prior of Teltonika’s RUT router firmware include a packet dump utility that properly validates its filter parameters. However, the variables used by those validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teltonika-Networks | Rut200 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut200 | - |
| Teltonika-Networks | Rut240 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut240 | - |
| Teltonika-Networks | Rut241 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut241 | - |
| Teltonika-Networks | Rut300 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut300 | - |
| Teltonika-Networks | Rut360 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut360 | - |
| Teltonika-Networks | Rut901 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut901 | - |
| Teltonika-Networks | Rut950 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut950 | - |
| Teltonika-Networks | Rut951 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut951 | - |
| Teltonika-Networks | Rut955 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut955 | - |
| Teltonika-Networks | Rut956 Firmware | <= 00.07.03.4 |
| Teltonika-Networks | Rut956 | - |
Related Weaknesses (CWE)
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2023-32349?
CVE-2023-32349 is a vulnerability with a CVSS score of 8.0 (HIGH). Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are store...
How severe is CVE-2023-32349?
CVE-2023-32349 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-32349?
Check the references section above for vendor advisories and patch information. Affected products include: Teltonika-Networks Rut200 Firmware, Teltonika-Networks Rut200, Teltonika-Networks Rut240 Firmware, Teltonika-Networks Rut240, Teltonika-Networks Rut241 Firmware.