Teltonika RUT model routers 命令注入漏洞(CVE-2023-32350)

admin

0
文章

0
评论

2023-11-29 23:37:54 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

Teltonika RUT model routers 命令注入漏洞(CVE-2023-32350)

CVE编号

CVE-2023-32350

利用情况

暂无

补丁情况

N/A

披露时间

2023-05-12

漏洞描述

Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	teltonika-networks	rut200_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rut240_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rut241_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rut300_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rut360_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rut901_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rut950_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rut951_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rut955_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rut956_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rutx08_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rutx09_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rutx10_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rutx11_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rutx12_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rutx14_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rutx50_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	系统	teltonika-networks	rutxr1_firmware	*	From (including) 00.07.00	Up to (including) 00.07.03
	运行在以下环境
	硬件	teltonika-networks	rut200	-	-
	运行在以下环境
	硬件	teltonika-networks	rut240	-	-
	运行在以下环境
	硬件	teltonika-networks	rut241	-	-
	运行在以下环境
	硬件	teltonika-networks	rut300	-	-
	运行在以下环境
	硬件	teltonika-networks	rut360	-	-
	运行在以下环境
	硬件	teltonika-networks	rut901	-	-
	运行在以下环境
	硬件	teltonika-networks	rut950	-	-
	运行在以下环境
	硬件	teltonika-networks	rut951	-	-
	运行在以下环境
	硬件	teltonika-networks	rut955	-	-
	运行在以下环境
	硬件	teltonika-networks	rut956	-	-
	运行在以下环境
	硬件	teltonika-networks	rutx08	-	-
	运行在以下环境
	硬件	teltonika-networks	rutx09	-	-
	运行在以下环境
	硬件	teltonika-networks	rutx10	-	-
	运行在以下环境
硬件	teltonika-networks	rutx11	-	-
运行在以下环境
硬件	teltonika-networks	rutx12	-	-
运行在以下环境
硬件	teltonika-networks	rutx14	-	-
运行在以下环境
硬件	teltonika-networks	rutx50	-	-
运行在以下环境
硬件	teltonika-networks	rutxr1	-	-