CVE-2023-32350
22.05.2023, 16:15
Versions 00.07.00 through 00.07.03 of Teltonika's RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.
Vendor | Product | Version |
---|---|---|
teltonika-networks | rut200_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rut240_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rut241_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rut300_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rut360_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rut901_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rut950_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rut951_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rut955_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rut956_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rutx08_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rutx09_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rutx10_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rutx11_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rutx12_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rutx14_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rutx50_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
teltonika-networks | rutxr1_firmware | 00.07.00 ≤ 𝑥 ≤ 00.07.03 |
𝑥 = Vulnerable software versions