CVE-2023-31728

EUVD-2023-36019
Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7 HIGH
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
teltonika-networksrut240_firmware
𝑥
< 00.07.04.2
𝑥
= Vulnerable software versions
References
https://research.exoticsilicon.com/articles/lte_ethernet_bridge_bug_followup
https://research.exoticsilicon.com/news
https://research.exoticsilicon.com/articles/lte_ethernet_bridge_bug_followup
https://research.exoticsilicon.com/news