Vulnerabilites related to teltonika - rut905_firmware
Vulnerability from fkie_nvd
Published
2017-07-03 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb | Exploit, Third Party Advisory | |
| cve@mitre.org | https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| teltonika | rut900_firmware | * | |
| teltonika | rut900 | - | |
| teltonika | rut905_firmware | * | |
| teltonika | rut905 | - | |
| teltonika | rut950_firmware | * | |
| teltonika | rut950 | - | |
| teltonika | rut955_firmware | * | |
| teltonika | rut955 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teltonika:rut900_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C23F232-784F-43BA-88CA-98A288FD5C2B",
"versionEndIncluding": "00.03.265",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teltonika:rut900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D1E794-1212-43CC-BA30-551EE45FA646",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teltonika:rut905_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "323FAF90-F8A2-4FFE-B79A-08CB7B56BF73",
"versionEndIncluding": "00.03.265",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teltonika:rut905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C45D7FA-FA7F-426C-9905-D6A6ACBE8AC1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE86264-F281-42DA-AA35-B6964E430684",
"versionEndIncluding": "00.03.265",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE17C85-9A69-41FB-AB96-0DCAB72309A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:teltonika:rut955_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF39D487-2CD1-4E9E-8323-6C5764B42B8B",
"versionEndIncluding": "00.03.265",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:teltonika:rut955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F29C3F1-DFAF-433A-8B1E-4BD2A8DF6C1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
},
{
"lang": "es",
"value": "La interfaz administrativa para los routers RUT9XX de Teltonika (tambi\u00e9n se conoce como LuCI) con firmware versi\u00f3n 00.03.265 y anteriores, permite a atacantes remotos ejecutar comandos arbitrarios con privilegios root por medio de metacaracteres shell en el par\u00e1metro username en una petici\u00f3n de inicio de sesi\u00f3n."
}
],
"id": "CVE-2017-8116",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-03T16:29:00.557",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-8116 (GCVE-0-2017-8116)
Vulnerability from cvelistv5
Published
2017-07-03 16:00
Modified
2024-08-05 16:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.604Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-03T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb",
"refsource": "MISC",
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
},
{
"name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb",
"refsource": "MISC",
"url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
},
{
"name": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/",
"refsource": "MISC",
"url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8116",
"datePublished": "2017-07-03T16:00:00",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-08-05T16:27:22.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}