Vulnerabilites related to teltonika - rut905
Vulnerability from fkie_nvd
Published
2017-07-03 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb | Exploit, Third Party Advisory | |
| cve@mitre.org | https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teltonika | rut900_firmware | * | |
| teltonika | rut900 | - | |
| teltonika | rut905_firmware | * | |
| teltonika | rut905 | - | |
| teltonika | rut950_firmware | * | |
| teltonika | rut950 | - | |
| teltonika | rut955_firmware | * | |
| teltonika | rut955 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teltonika:rut900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C23F232-784F-43BA-88CA-98A288FD5C2B",
"versionEndIncluding": "00.03.265",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teltonika:rut900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D1E794-1212-43CC-BA30-551EE45FA646",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teltonika:rut905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "323FAF90-F8A2-4FFE-B79A-08CB7B56BF73",
"versionEndIncluding": "00.03.265",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teltonika:rut905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C45D7FA-FA7F-426C-9905-D6A6ACBE8AC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE86264-F281-42DA-AA35-B6964E430684",
"versionEndIncluding": "00.03.265",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE17C85-9A69-41FB-AB96-0DCAB72309A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teltonika:rut955_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39D487-2CD1-4E9E-8323-6C5764B42B8B",
"versionEndIncluding": "00.03.265",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teltonika:rut955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F29C3F1-DFAF-433A-8B1E-4BD2A8DF6C1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
},
{
"lang": "es",
"value": "La interfaz administrativa para los routers RUT9XX de Teltonika (tambi\u00e9n se conoce como LuCI) con firmware versi\u00f3n 00.03.265 y anteriores, permite a atacantes remotos ejecutar comandos arbitrarios con privilegios root por medio de metacaracteres shell en el par\u00e1metro username en una petici\u00f3n de inicio de sesi\u00f3n."
}
],
"id": "CVE-2017-8116",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-03T16:29:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-8116 (GCVE-0-2017-8116)
Vulnerability from cvelistv5
Published
2017-07-03 16:00
Modified
2024-08-05 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-03T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb",
"refsource": "MISC",
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb",
"refsource": "MISC",
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"name": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/",
"refsource": "MISC",
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8116",
"datePublished": "2017-07-03T16:00:00",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-08-05T16:27:22.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201707-0931
Vulnerability from variot
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. TeltonikaRUT9XXrouters (also known as LuCI) is a router product from Teltonika, Lithuania. A security vulnerability exists in the management interface in the TeltonikaRUT9XX router using firmware 0.03.265 and earlier. Teltonika Routers are prone to a remote command-execution vulnerability because it fails to properly sanitize user-supplied input. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0931",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rut900",
"scope": "lte",
"trust": 1.8,
"vendor": "teltonika",
"version": "00.03.265"
},
{
"model": "rut905",
"scope": "lte",
"trust": 1.8,
"vendor": "teltonika",
"version": "00.03.265"
},
{
"model": "rut950",
"scope": "lte",
"trust": 1.8,
"vendor": "teltonika",
"version": "00.03.265"
},
{
"model": "rut955",
"scope": "lte",
"trust": 1.8,
"vendor": "teltonika",
"version": "00.03.265"
},
{
"model": "rut9xx routers",
"scope": "lt",
"trust": 0.6,
"vendor": "teltonika",
"version": "00.03.265"
},
{
"model": "rut950",
"scope": "eq",
"trust": 0.6,
"vendor": "teltonika",
"version": "00.03.265"
},
{
"model": "rut955",
"scope": "eq",
"trust": 0.6,
"vendor": "teltonika",
"version": "00.03.265"
},
{
"model": "rut905",
"scope": "eq",
"trust": 0.6,
"vendor": "teltonika",
"version": "00.03.265"
},
{
"model": "rut900",
"scope": "eq",
"trust": 0.6,
"vendor": "teltonika",
"version": "00.03.265"
},
{
"model": "rut905",
"scope": "eq",
"trust": 0.3,
"vendor": "teltonika",
"version": "0.3.265"
},
{
"model": "rut905",
"scope": "eq",
"trust": 0.3,
"vendor": "teltonika",
"version": "0"
},
{
"model": "rut900",
"scope": "eq",
"trust": 0.3,
"vendor": "teltonika",
"version": "0.3.265"
},
{
"model": "rut900",
"scope": "eq",
"trust": 0.3,
"vendor": "teltonika",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"db": "BID",
"id": "100978"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-060"
},
{
"db": "NVD",
"id": "CVE-2017-8116"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:teltonika:rut900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:teltonika:rut905_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:teltonika:rut950_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:teltonika:rut955_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nettitude",
"sources": [
{
"db": "BID",
"id": "100978"
}
],
"trust": 0.3
},
"cve": "CVE-2017-8116",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-8116",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-13830",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-116319",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-8116",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-8116",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-8116",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-13830",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-060",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-116319",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-8116",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"db": "VULHUB",
"id": "VHN-116319"
},
{
"db": "VULMON",
"id": "CVE-2017-8116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-060"
},
{
"db": "NVD",
"id": "CVE-2017-8116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. TeltonikaRUT9XXrouters (also known as LuCI) is a router product from Teltonika, Lithuania. A security vulnerability exists in the management interface in the TeltonikaRUT9XX router using firmware 0.03.265 and earlier. Teltonika Routers are prone to a remote command-execution vulnerability because it fails to properly sanitize user-supplied input. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-8116"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"db": "BID",
"id": "100978"
},
{
"db": "VULHUB",
"id": "VHN-116319"
},
{
"db": "VULMON",
"id": "CVE-2017-8116"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-8116",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006076",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201707-060",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-13830",
"trust": 0.6
},
{
"db": "BID",
"id": "100978",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-116319",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-8116",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"db": "VULHUB",
"id": "VHN-116319"
},
{
"db": "VULMON",
"id": "CVE-2017-8116"
},
{
"db": "BID",
"id": "100978"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-060"
},
{
"db": "NVD",
"id": "CVE-2017-8116"
}
]
},
"id": "VAR-201707-0931",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"db": "VULHUB",
"id": "VHN-116319"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13830"
}
]
},
"last_update_date": "2024-11-23T22:42:09.312000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://teltonika.lt/"
},
{
"title": "TeltonikaRUT9XX router arbitrary command execution vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/97827"
},
{
"title": "Teltonika RUT9XX Repair measures for router security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71397"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-060"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-116319"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"db": "NVD",
"id": "CVE-2017-8116"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"trust": 2.9,
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
},
{
"trust": 2.6,
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8116"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-8116"
},
{
"trust": 0.3,
"url": "http://teltonika.lt/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/100978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"db": "VULHUB",
"id": "VHN-116319"
},
{
"db": "VULMON",
"id": "CVE-2017-8116"
},
{
"db": "BID",
"id": "100978"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-060"
},
{
"db": "NVD",
"id": "CVE-2017-8116"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"db": "VULHUB",
"id": "VHN-116319"
},
{
"db": "VULMON",
"id": "CVE-2017-8116"
},
{
"db": "BID",
"id": "100978"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-060"
},
{
"db": "NVD",
"id": "CVE-2017-8116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"date": "2017-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-116319"
},
{
"date": "2017-07-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8116"
},
{
"date": "2017-07-03T00:00:00",
"db": "BID",
"id": "100978"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-060"
},
{
"date": "2017-07-03T16:29:00.557000",
"db": "NVD",
"id": "CVE-2017-8116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13830"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-116319"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-8116"
},
{
"date": "2017-07-03T00:00:00",
"db": "BID",
"id": "100978"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006076"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-060"
},
{
"date": "2024-11-21T03:33:21.287000",
"db": "NVD",
"id": "CVE-2017-8116"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-060"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Teltonika RUT9XX In the router firmware management interface root Vulnerability to execute arbitrary commands with privileges",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006076"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-060"
}
],
"trust": 0.6
}
}