Vulnerability CVE-2018-17532
Published: 2018-10-15

Description:
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.

See advisories in our WLB2 database:
Topic
Author
Date
High
Teltonika RUT9XX Unauthenticated OS Command Injection
David Gnedt
15.10.2018

Type:

CWE-78

 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://packetstormsecurity.com/files/149777/Teltonika-RUT9XX-Unauthenticated-OS-Command-Injection.html
http://seclists.org/fulldisclosure/2018/Oct/27
https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_Teltonika_OS_Command_Injection
Copyright 2024, cxsecurity.com

 

Back to Top