CVE-2018-17534 Information

Description

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.

CVSS Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/149779/Teltonika-RUT9XX-Missing-Access-Control-To-UART-Root-Terminal.html http://seclists.org/fulldisclosure/2018/Oct/28 https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180319-02_Teltonika_Incorrect_Access_Control

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

6.8