CVE-2017-8116
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
La interfaz administrativa para los routers RUT9XX de Teltonika (también se conoce como LuCI) con firmware versión 00.03.265 y anteriores, permite a atacantes remotos ejecutar comandos arbitrarios con privilegios root por medio de metacaracteres shell en el parámetro username en una petición de inicio de sesión.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-25 CVE Reserved
- 2017-07-03 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb | 2024-08-05 | |
| https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Teltonika Search vendor "Teltonika" | Rut900 Firmware Search vendor "Teltonika" for product "Rut900 Firmware" | <= 00.03.265 Search vendor "Teltonika" for product "Rut900 Firmware" and version " <= 00.03.265" | - |
Affected
| in | Teltonika Search vendor "Teltonika" | Rut900 Search vendor "Teltonika" for product "Rut900" | - | - |
Safe
|
| Teltonika Search vendor "Teltonika" | Rut905 Firmware Search vendor "Teltonika" for product "Rut905 Firmware" | <= 00.03.265 Search vendor "Teltonika" for product "Rut905 Firmware" and version " <= 00.03.265" | - |
Affected
| in | Teltonika Search vendor "Teltonika" | Rut905 Search vendor "Teltonika" for product "Rut905" | - | - |
Safe
|
| Teltonika Search vendor "Teltonika" | Rut950 Firmware Search vendor "Teltonika" for product "Rut950 Firmware" | <= 00.03.265 Search vendor "Teltonika" for product "Rut950 Firmware" and version " <= 00.03.265" | - |
Affected
| in | Teltonika Search vendor "Teltonika" | Rut950 Search vendor "Teltonika" for product "Rut950" | - | - |
Safe
|
| Teltonika Search vendor "Teltonika" | Rut955 Firmware Search vendor "Teltonika" for product "Rut955 Firmware" | <= 00.03.265 Search vendor "Teltonika" for product "Rut955 Firmware" and version " <= 00.03.265" | - |
Affected
| in | Teltonika Search vendor "Teltonika" | Rut955 Search vendor "Teltonika" for product "Rut955" | - | - |
Safe
|