N/A

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

系统设置或配置在外部可控制

Teltonika RUT router 安全漏洞

Teltonika RUT router是一系列工业路由器。 Teltonika RUT router 00.07.00版本至00.07.03.4版本存在安全漏洞，该漏洞源于用于验证检查的变量存储在外部配置文件中。攻击者利用该漏洞导致任意代码执行。

N/A

N/A