CVE-2023-32349
moderate-risk
Published 2023-05-22
Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.
Do I need to act?
-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.0/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (18)
Rut200 Firmware
Rut240 Firmware
Rut241 Firmware
Rut300 Firmware
Rut360 Firmware
Rut901 Firmware
Rut950 Firmware
Rut951 Firmware
Rut955 Firmware
Rut956 Firmware
Rutx08 Firmware
Rutx09 Firmware
Rutx10 Firmware
Rutx11 Firmware
Rutx12 Firmware
Rutx14 Firmware
Rutx50 Firmware
Rutxr1 Firmware
Affected Vendors
References (2)
Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08
Third Party Advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08
44
/ 100
moderate-risk
Severity
25/34 · High
Exploitability
0/34 · Minimal
Exposure
19/34 · Moderate