CVE-2023-32350: OS Command Injection
First published: Mon May 22 2023(Updated: )
Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Teltonika Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588) | ||
| Teltonika Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2586) | ||
| Teltonika RUT model routers: Version 00.07.00 through 00.07.03.4 (affected by CVE-2023-32349) | ||
| Teltonika RUT model routers: Version 00.07.00 through 00.07.03 (affected by CVE-2023-32350) | ||
| Teltonika Networks RUT200 Firmware | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUT200 | ||
| Teltonika Networks RUT240 Firmware | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUT240 | ||
| Teltonika RUT241 Firmware | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUT241 | ||
| teltonika-networks rut300 firmware | >=00.07.00<=00.07.03 | |
| teltonika-networks rut300 firmware | ||
| Teltonika Networks RUT360 | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUT360 | ||
| Teltonika Networks RUT901 Firmware | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUT901 Firmware | ||
| Teltonika Networks RUT950 | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUT950 | ||
| Teltonika Networks RUT951 | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUT951 | ||
| teltonika-networks rut955 firmware | >=00.07.00<=00.07.03 | |
| teltonika-networks rut955 firmware | ||
| teltonika-networks rut956 firmware | >=00.07.00<=00.07.03 | |
| teltonika-networks rut956 firmware | ||
| Teltonika Networks RUTX08 Firmware | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUTX08 Firmware | ||
| teltonika-networks rutx09 | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUTX09 Firmware | ||
| Teltonika Networks RUTX10 | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUTX10 | ||
| Teltonika Networks RUTX11 | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUTX11 | ||
| teltonika-networks rutx12 firmware | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUTX12 | ||
| teltonika-networks rutx14 | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUTX14 | ||
| teltonika-networks rutx50 firmware | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUTX50 | ||
| Teltonika Networks RUTXR1 Firmware | >=00.07.00<=00.07.03 | |
| Teltonika Networks RUTXR1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-32350?
CVE-2023-32350 is a command injection vulnerability in Teltonika’s RUT router firmware.
How does CVE-2023-32350 impact Teltonika's RUT router firmware?
CVE-2023-32350 allows an attacker to execute arbitrary commands on the affected router firmware.
Which versions of Teltonika's RUT router firmware are affected by CVE-2023-32350?
Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware are affected by CVE-2023-32350.
What is the severity of CVE-2023-32350?
The severity of CVE-2023-32350 is high, with a CVSS score of 8.8.
How can I fix CVE-2023-32350 in Teltonika's RUT router firmware?
To fix CVE-2023-32350, it is recommended to update your Teltonika RUT router firmware to a version higher than 00.07.03.
- agent/weakness
- agent/type
- agent/author
- agent/references
- agent/description
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/teltonika
- canonical/teltonika remote management system (rms): versions prior to 4.10.0 (affected by cve-2023-32346, cve-2023-32347, cve-2023-32348, cve-2023-2587, cve-2023-2588)
- canonical/teltonika remote management system (rms): versions prior to 4.14.0 (affected by cve-2023-2586)
- canonical/teltonika rut model routers: version 00.07.00 through 00.07.03.4 (affected by cve-2023-32349)
- canonical/teltonika rut model routers: version 00.07.00 through 00.07.03 (affected by cve-2023-32350)
- vendor/teltonika-networks
- canonical/teltonika networks rut200 firmware
- version/teltonika networks rut200 firmware/00.07.00
- version/teltonika networks rut200 firmware/00.07.03
- canonical/teltonika networks rut200
- canonical/teltonika networks rut240 firmware
- version/teltonika networks rut240 firmware/00.07.00
- version/teltonika networks rut240 firmware/00.07.03
- canonical/teltonika networks rut240
- canonical/teltonika rut241 firmware
- version/teltonika rut241 firmware/00.07.00
- version/teltonika rut241 firmware/00.07.03
- canonical/teltonika networks rut241
- canonical/teltonika-networks rut300 firmware
- version/teltonika-networks rut300 firmware/00.07.00
- version/teltonika-networks rut300 firmware/00.07.03
- canonical/teltonika networks rut360
- version/teltonika networks rut360/00.07.00
- version/teltonika networks rut360/00.07.03
- canonical/teltonika networks rut901 firmware
- version/teltonika networks rut901 firmware/00.07.00
- version/teltonika networks rut901 firmware/00.07.03
- canonical/teltonika networks rut950
- version/teltonika networks rut950/00.07.00
- version/teltonika networks rut950/00.07.03
- canonical/teltonika networks rut951
- version/teltonika networks rut951/00.07.00
- version/teltonika networks rut951/00.07.03
- canonical/teltonika-networks rut955 firmware
- version/teltonika-networks rut955 firmware/00.07.00
- version/teltonika-networks rut955 firmware/00.07.03
- canonical/teltonika-networks rut956 firmware
- version/teltonika-networks rut956 firmware/00.07.00
- version/teltonika-networks rut956 firmware/00.07.03
- canonical/teltonika networks rutx08 firmware
- version/teltonika networks rutx08 firmware/00.07.00
- version/teltonika networks rutx08 firmware/00.07.03
- canonical/teltonika-networks rutx09
- version/teltonika-networks rutx09/00.07.00
- version/teltonika-networks rutx09/00.07.03
- canonical/teltonika networks rutx09 firmware
- canonical/teltonika networks rutx10
- version/teltonika networks rutx10/00.07.00
- version/teltonika networks rutx10/00.07.03
- canonical/teltonika networks rutx11
- version/teltonika networks rutx11/00.07.00
- version/teltonika networks rutx11/00.07.03
- canonical/teltonika-networks rutx12 firmware
- version/teltonika-networks rutx12 firmware/00.07.00
- version/teltonika-networks rutx12 firmware/00.07.03
- canonical/teltonika networks rutx12
- canonical/teltonika-networks rutx14
- version/teltonika-networks rutx14/00.07.00
- version/teltonika-networks rutx14/00.07.03
- canonical/teltonika networks rutx14
- canonical/teltonika-networks rutx50 firmware
- version/teltonika-networks rutx50 firmware/00.07.00
- version/teltonika-networks rutx50 firmware/00.07.03
- canonical/teltonika networks rutx50
- canonical/teltonika networks rutxr1 firmware
- version/teltonika networks rutxr1 firmware/00.07.00
- version/teltonika networks rutxr1 firmware/00.07.03
- canonical/teltonika networks rutxr1