Unknown
CVE-2023-32350
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2023-32350
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- rut200 firmware,
- rut240 firmware,
- rut241 firmware,
- rut300 firmware,
- rut360 firmware,
- rut901 firmware,
- rut950 firmware,
- rut951 firmware,
- rut955 firmware,
- rut956 firmware,
- rutx08 firmware,
- rutx09 firmware,
- rutx10 firmware,
- rutx11 firmware,
- rutx12 firmware,
- rutx14 firmware,
- rutx50 firmware,
- rutxr1 firmware
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
