GCVE - cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:teltonika-networks:rut240_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Teltonika Networks (`6c326e00-df74-5f5f-a8a8-937dad526e20`)
Product	Rut240 Firmware (`b9b10d64-ce2f-525b-9b3c-f63c2397bb36`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-32350`	vulnerable	2026-06-03 14:51:58.312215	Details available HIGH (8) Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload. Published: 2023-05-22T15:14:57.025Z Updated: 2025-01-16T21:34:13.864Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-32349`	vulnerable	2026-06-03 14:51:58.283808	Details available HIGH (8) Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. Published: 2023-05-22T15:12:08.610Z Updated: 2025-01-16T21:34:23.944Z Open on db.gcve.eu Reference links https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-31728`	vulnerable	2026-06-03 14:51:56.076963	Details available Teltonika RUT240 devices with firmware before 07.04.2, when bridge mode is used, sometimes make SSH and HTTP services available on the IPv6 WAN interface even though the UI shows that they are only available on the LAN interface. Published: 2024-02-17T00:00:00.000Z Updated: 2024-11-01T19:04:41.139Z Open on db.gcve.eu Reference links https://research.exoticsilicon.com/articles/lte_ethernet_bridge_bug_followup https://research.exoticsilicon.com/news	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.