Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2017-8116

Vulnerability from fkie_nvd - Published: 2017-07-03 16:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.

References

URL	Tags
cve@mitre.org	https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb	Exploit, Third Party Advisory
cve@mitre.org	https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb	Exploit, Third Party Advisory
cve@mitre.org	https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/	Third Party Advisory

Impacted products

Vendor	Product	Version
teltonika	rut900_firmware	*
teltonika	rut900	-
teltonika	rut905_firmware	*
teltonika	rut905	-
teltonika	rut950_firmware	*
teltonika	rut950	-
teltonika	rut955_firmware	*
teltonika	rut955	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut900_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C23F232-784F-43BA-88CA-98A288FD5C2B",
              "versionEndIncluding": "00.03.265",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut900:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D1E794-1212-43CC-BA30-551EE45FA646",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut905_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "323FAF90-F8A2-4FFE-B79A-08CB7B56BF73",
              "versionEndIncluding": "00.03.265",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut905:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C45D7FA-FA7F-426C-9905-D6A6ACBE8AC1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut950_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE86264-F281-42DA-AA35-B6964E430684",
              "versionEndIncluding": "00.03.265",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut950:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE17C85-9A69-41FB-AB96-0DCAB72309A0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:teltonika:rut955_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF39D487-2CD1-4E9E-8323-6C5764B42B8B",
              "versionEndIncluding": "00.03.265",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:teltonika:rut955:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F29C3F1-DFAF-433A-8B1E-4BD2A8DF6C1E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
    },
    {
      "lang": "es",
      "value": "La interfaz administrativa para los routers RUT9XX de Teltonika (tambi\u00e9n se conoce como LuCI) con firmware versi\u00f3n 00.03.265 y anteriores, permite a atacantes remotos ejecutar comandos arbitrarios con privilegios root por medio de metacaracteres shell en el par\u00e1metro username en una petici\u00f3n de inicio de sesi\u00f3n."
    }
  ],
  "id": "CVE-2017-8116",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-03T16:29:00.557",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-8116 (GCVE-0-2017-8116)

Vulnerability from cvelistv5 – Published: 2017-07-03 16:00 – Updated: 2024-08-05 16:27

Summary

The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/nettitude/metasploit-modules/b…	x_refsource_MISC
	https://github.com/nettitude/metasploit-modules/b…	x_refsource_MISC
	https://labs.nettitude.com/blog/cve-2017-8116-tel…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:27:22.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-03T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb",
              "refsource": "MISC",
              "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
            },
            {
              "name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb",
              "refsource": "MISC",
              "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
            },
            {
              "name": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/",
              "refsource": "MISC",
              "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8116",
    "datePublished": "2017-07-03T16:00:00",
    "dateReserved": "2017-04-25T00:00:00",
    "dateUpdated": "2024-08-05T16:27:22.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-8116 (GCVE-0-2017-8116)

Vulnerability from nvd – Published: 2017-07-03 16:00 – Updated: 2024-08-05 16:27

Summary

The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/nettitude/metasploit-modules/b…	x_refsource_MISC
	https://github.com/nettitude/metasploit-modules/b…	x_refsource_MISC
	https://labs.nettitude.com/blog/cve-2017-8116-tel…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:27:22.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-03T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-8116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb",
              "refsource": "MISC",
              "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb"
            },
            {
              "name": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb",
              "refsource": "MISC",
              "url": "https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb"
            },
            {
              "name": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/",
              "refsource": "MISC",
              "url": "https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-8116",
    "datePublished": "2017-07-03T16:00:00",
    "dateReserved": "2017-04-25T00:00:00",
    "dateUpdated": "2024-08-05T16:27:22.604Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

3 vulnerabilities found for rut905_firmware by teltonika

FKIE_CVE-2017-8116

CVE-2017-8116 (GCVE-0-2017-8116)

CVE-2017-8116 (GCVE-0-2017-8116)