CVE-2018-17532: Command Injection
First published: Mon Oct 15 2018(Updated: )
Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Teltonika RUT900 Firmware | <00.04.233 | |
| Teltonika RUT900 Firmware | ||
| Teltonika RUT950 Firmware | <00.04.233 | |
| Teltonika Networks RUT950 Firmware | ||
| Teltonika RUT955 Firmware | <00.04.233 | |
| Teltonika RUT955 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2018/Oct/27
- http://packetstormsecurity.com/files/149777/Teltonika-RUT9XX-Unauthenticated-OS-Command-Injection.html
- https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_Teltonika_OS_Command_Injection
- https://www.bleepingcomputer.com/news/security/new-botnet-exploits-vulnerabilities-in-nvrs-tp-link-routers/
- https://www.theregister.com/2025/01/29/ddos_attacks_aquabot_mitel/
- https://www.bleepingcomputer.com/news/security/new-aquabotv3-botnet-malware-targets-mitel-command-injection-flaw/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2018-17532?
CVE-2018-17532 has a high severity rating due to its potential for remote attackers to execute arbitrary commands with root privileges.
How do I fix CVE-2018-17532?
To remediate CVE-2018-17532, update the firmware of Teltonika RUT9XX routers to version 00.04.233 or later.
Which devices are affected by CVE-2018-17532?
CVE-2018-17532 affects Teltonika RUT900, RUT950, and RUT955 routers with firmware versions prior to 00.04.233.
What causes the vulnerability in CVE-2018-17532?
CVE-2018-17532 is caused by insufficient user input sanitization in the autologin.cgi and hotspotlogin.cgi scripts.
Can CVE-2018-17532 be exploited remotely?
Yes, CVE-2018-17532 can be exploited remotely by attackers without authentication.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2023-1389
- alias/CVE-2018-17532
- collector/the-register
- source/The Register
- alias/CVE-2024-41710
- alias/CVE-2023-26801
- alias/CVE-2022-31137
- alias/CVE-2018-10562
- alias/CVE-2018-10561
- agent/source
- agent/trending
- agent/references
- agent/weakness
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/news-ai
- exploited/true
- agent/severity
- vendor/teltonika
- canonical/teltonika rut900 firmware
- canonical/teltonika rut950 firmware
- canonical/teltonika networks rut950 firmware
- canonical/teltonika rut955 firmware