GCVE - cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Teltonika (`c8069389-d8e5-53a9-b8bf-3ac2f73bbe85`)
Product	Rut950 Firmware (`163dc533-b96c-51b6-9fb7-687a32de823d`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-17534`	vulnerable	2026-06-03 14:38:21.875635	Details available Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges. Published: 2018-10-15T19:00:00.000Z Updated: 2024-08-05T10:47:04.981Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2018/Oct/28 http://packetstormsecurity.com/files/149779/Teltonika-RUT9XX-Missing-Access-Control-To-UART-Root-Terminal.html https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02_Teltonika_Incorrect_Access_Control	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-17533`	vulnerable	2026-06-03 14:38:21.875105	Details available Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization. Published: 2018-10-15T19:00:00.000Z Updated: 2024-08-05T10:47:04.915Z Open on db.gcve.eu Reference links https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180410-01_Teltonika_Cross_Site_Scripting http://seclists.org/fulldisclosure/2018/Oct/29 http://packetstormsecurity.com/files/149781/Teltonika-RUT9XX-Reflected-Cross-Site-Scripting.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-17532`	vulnerable	2026-06-03 14:38:21.872967	Details available Teltonika RUT9XX routers with firmware before 00.04.233 are prone to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. Published: 2018-10-15T19:00:00.000Z Updated: 2024-08-05T10:47:05.059Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2018/Oct/27 http://packetstormsecurity.com/files/149777/Teltonika-RUT9XX-Unauthenticated-OS-Command-Injection.html https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-01_Teltonika_OS_Command_Injection	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-8116`	vulnerable	2026-06-03 14:37:39.133201	Details available The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. Published: 2017-07-03T16:00:00.000Z Updated: 2024-08-05T16:27:22.604Z Open on db.gcve.eu Reference links https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.