Security Notification for Teltonika Networks 5G Devices
#2024, #security, #5g
A number of implementation-level 5G vulnerabilities were recently identified in chipsets from a third-party manufacturer, resulting in three denial-of-service vulnerabilities in Teltonika Networks 5G devices. They affect device availability, but not integrity or confidentiality.
We recently became aware of implementation-level 5G vulnerabilities found in chipsets that are used in some of our products. As our 5G devices (the RUTX50, RUTM50, and TRB500) contain these chipsets, the following vulnerabilities were identified in those devices:
- CVE-2023-33042 – Transient DOS in Modem after RRC Setup message is received.
- CVE-2023-33043 – Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.
- CVE-2023-33044 – Transient DOS in Data modem while handling TLB control messages from the Network.
All three are denial-of-service vulnerabilities: they affect device availability, but not integrity or confidentiality. In other words, they allow outside attackers to continuously reboot the devices, thereby disrupting the network, but do not pose any risk of data leaks or theft.
As these vulnerabilities stem from a third-party vendor with proprietary software for 5G modules, Teltonika Networks does not currently have patched firmware or a workaround available. We have requested both and will notify our clients as soon as a workaround and/or patched firmware becomes available.
Transparency regarding such issues is, as always, of utmost importance to Teltonika Networks. For further assistance or advice on updating the firmware, please reach out to our technical support Helpdesk.