CVE-2018-17532
Teltonika RUT9XX Unauthenticated OS Command Injection
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Los routers Teltonika RUT9XX con firmware en versiones anteriores a la 00.04.233 son propensos a sufrir múltiples vulnerabilidades de inyección de comandos del sistema operativo sin autenticar en autologin.cgi y hotspotlogin.cgi debido al saneamiento insuficiente de entradas de usuario. Esto permite que los atacantes remotos ejecuten comandos arbitrarios con privilegios root.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-09-25 CVE Reserved
- 2018-10-12 CVE Published
- 2024-07-30 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Teltonika Search vendor "Teltonika" | Rut900 Firmware Search vendor "Teltonika" for product "Rut900 Firmware" | < 00.04.233 Search vendor "Teltonika" for product "Rut900 Firmware" and version " < 00.04.233" | - |
Affected
| in | Teltonika Search vendor "Teltonika" | Rut900 Search vendor "Teltonika" for product "Rut900" | - | - |
Safe
|
| Teltonika Search vendor "Teltonika" | Rut950 Firmware Search vendor "Teltonika" for product "Rut950 Firmware" | < 00.04.233 Search vendor "Teltonika" for product "Rut950 Firmware" and version " < 00.04.233" | - |
Affected
| in | Teltonika Search vendor "Teltonika" | Rut950 Search vendor "Teltonika" for product "Rut950" | - | - |
Safe
|
| Teltonika Search vendor "Teltonika" | Rut955 Firmware Search vendor "Teltonika" for product "Rut955 Firmware" | < 00.04.233 Search vendor "Teltonika" for product "Rut955 Firmware" and version " < 00.04.233" | - |
Affected
| in | Teltonika Search vendor "Teltonika" | Rut955 Search vendor "Teltonika" for product "Rut955" | - | - |
Safe
|