CVE-2018-19879

Name of the Vulnerable Software and Affected Versions Teltonika RTU9XX (e.g., RUT950) versions R 31.04.89 through R 00.05.00.4

Description The issue concerns the authentication functionality in the /cgi-bin/luci endpoint, which is not protected against automated login attempts. This allows an anonymous attacker to make unlimited login attempts using automated tools, potentially leading to password cracking of a targeted user.

Recommendations For versions R 31.04.89 through R 00.05.00.4, update to version R 00.05.00.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the /cgi-bin/luci endpoint to minimize the risk of exploitation.