PT-2023-23742 · Teltonika · Teltonika Rut

Claroty Research · Published 2023-05-22 · Updated 2023-06-01 · CVE-2023-32349

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Teltonika RUT router firmware versions 00.07.00 through 00.07.03.4

Description: The packet dump utility in the firmware contains proper validation for filter parameters, but the variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, potentially resulting in arbitrary code execution.

Recommendations: For versions 00.07.00 through 00.07.03.4, consider restricting access to the UCI configuration utility to prevent modification of the validation variables. As a temporary workaround, consider disabling the packet dump utility until a patch is available.

Related Identifiers

CVE-2023-32349

Affected Products

Teltonika Rut