8.8

CVE-2023-32349

EPSS 0.07%
Veröffentlicht 22.05.2023 16:15:10
Zuletzt bearbeitet 21.11.2024 08:03:09
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Teltonika-networks ≫ Rut200 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut200 Version-

Teltonika-networks ≫ Rut240 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut240 Version-

Teltonika-networks ≫ Rut241 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut241 Version-

Teltonika-networks ≫ Rut300 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut300 Version-

Teltonika-networks ≫ Rut360 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut360 Version-

Teltonika-networks ≫ Rut901 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut901 Version-

Teltonika-networks ≫ Rut950 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut950 Version-

Teltonika-networks ≫ Rut951 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut951 Version-

Teltonika-networks ≫ Rut955 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut955 Version-

Teltonika-networks ≫ Rut956 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rut956 Version-

Teltonika-networks ≫ Rutx08 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rutx08 Version-

Teltonika-networks ≫ Rutx09 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rutx09 Version-

Teltonika-networks ≫ Rutx10 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rutx10 Version-

Teltonika-networks ≫ Rutx11 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rutx11 Version-

Teltonika-networks ≫ Rutx12 Firmware Version <= 00.07.03.4

Teltonika-networks ≫ Rutx12 Version-

Teltonika-networks ≫ Rutx14 Firmware Version >= 00.07.00 <= 00.07.03.4

Teltonika-networks ≫ Rutx14 Version-

Teltonika-networks ≫ Rutx50 Firmware Version >= 00.07.00 <= 00.07.03.4

Teltonika-networks ≫ Rutx50 Version-

Teltonika-networks ≫ Rutxr1 Firmware Version >= 00.07.00 <= 00.07.03.4

Teltonika-networks ≫ Rutxr1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.203

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	8	2.1	5.9	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-15 External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-32349

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-32349

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-32349

EUVD