fkie_cve-2017-8116
Vulnerability from fkie_nvd
Published
2017-07-03 16:29
Modified
2025-04-20 01:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
References
cve@mitre.orghttps://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rbExploit, Third Party Advisory
cve@mitre.orghttps://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rbExploit, Third Party Advisory
cve@mitre.orghttps://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rbExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rbExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/Third Party Advisory
Impacted products
Vendor Product Version
teltonika rut900_firmware *
teltonika rut900 -
teltonika rut905_firmware *
teltonika rut905 -
teltonika rut950_firmware *
teltonika rut950 -
teltonika rut955_firmware *
teltonika rut955 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C23F232-784F-43BA-88CA-98A288FD5C2B",
              "versionEndIncluding": "00.03.265",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D1E794-1212-43CC-BA30-551EE45FA646",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut905_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "323FAF90-F8A2-4FFE-B79A-08CB7B56BF73",
              "versionEndIncluding": "00.03.265",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut905:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C45D7FA-FA7F-426C-9905-D6A6ACBE8AC1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE86264-F281-42DA-AA35-B6964E430684",
              "versionEndIncluding": "00.03.265",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE17C85-9A69-41FB-AB96-0DCAB72309A0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut955_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF39D487-2CD1-4E9E-8323-6C5764B42B8B",
              "versionEndIncluding": "00.03.265",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut955:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F29C3F1-DFAF-433A-8B1E-4BD2A8DF6C1E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
    },
    {
      "lang": "es",
      "value": "La interfaz administrativa para los routers RUT9XX de Teltonika (tambi\u00e9n se conoce como LuCI) con firmware versi\u00f3n 00.03.265 y anteriores, permite a atacantes remotos ejecutar comandos arbitrarios con privilegios root por medio de metacaracteres shell en el par\u00e1metro username en una petici\u00f3n de inicio de sesi\u00f3n."
    }
  ],
  "id": "CVE-2017-8116",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-03T16:29:00.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.