CVE-2023-32350

Name of the Vulnerable Software and Affected Versions Teltonika RUT router firmware versions 00.07.00 through 00.07.03

Description The issue is an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.

Recommendations For versions 00.07.00 through 00.07.03, as a temporary workaround, consider restricting the use of the Lua service until a patch is available. Avoid using user-provided package names in the vulnerable function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.