CVE-2018-17532

Name of the Vulnerable Software and Affected Versions Teltonika RUT9XX routers with firmware before 00.04.233

Description The issue is related to multiple unauthenticated OS command injection vulnerabilities in autologin.cgi and hotspotlogin.cgi due to insufficient user input sanitization. This allows remote attackers to execute arbitrary commands with root privileges. The vulnerability is also exploited through vulnerable endpoints like "8021xsupport.html", where the malicious entity downloads executable files, changes permissions to 777, and attempts to cover its tracks. Additionally, standard brute-force attacks on SSH and Telnet are used. The estimated impact includes the potential recruitment of IoT devices for DDoS attacks.

Recommendations Teltonika RUT9XX routers with firmware before 00.04.233 should update their firmware to version 00.04.233 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable endpoints like "8021xsupport.html" and disabling the autologin.cgi and hotspotlogin.cgi scripts until a patch is available. Avoid using the vulnerable firmware until the issue is resolved.