Security Vulnerabilities in RMS and RUT Series Devices
#teltonikanetworks, #iot, #security
Recently, Teltonika Networks, in collaboration with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and cybersecurity research groups OTORIO and Claroty, discovered and swiftly resolved several vulnerabilities in RMS and RUT series devices. We would like to provide our clients with an update on the situation, assuring them that their devices are secure and that no clients have been impacted by these vulnerabilities.
Two independent research groups, OTORIO and Claroty, identified a total of six vulnerabilities in our Remote Management System (RMS) and two vulnerabilities in the firmware of RUT series devices. These vulnerabilities exposed potential attack vectors, including unauthorized access, remote code execution, denial of service, and potential device takeover via RMS.
Teltonika Networks took immediate action to address the identified vulnerabilities. Our dedicated teams worked diligently to develop and deploy patches and updates to eliminate these vulnerabilities from our systems as soon as possible. The RMS vulnerabilities were resolved with version 4.14.0, which was released on April 26th, 2023; and the RutOS vulnerabilities were resolved with version 7.03.04, which was released on February 9th, 2023. We highly recommend our clients to update the firmware of their Teltonika Networks devices.
We fully understand our clients’ concerns regarding the security of their Teltonika Networks devices. We want to reassure our clients that their devices remain safe, as these vulnerabilities have been promptly resolved. Through active monitoring and analysis of device registration flows and device-RMS communication handling, we can ensure that no client has been impacted by these vulnerabilities.
At Teltonika Networks, we prioritize the security of our clients' industrial IoT devices. We are committed to conducting regular security audits and employing best practices to mitigate risks and protect our clients' assets. We value the trust our clients have placed in us and continuously strive to enhance the security of our products and services.
Teltonika Networks acknowledges the discovery of vulnerabilities in our RMS platform and RUT series devices and expresses gratitude to Roni Gavrilov of OTORIO and Noam Moshe of Claroty for their contribution in uncovering these vulnerabilities. We want to reiterate to our clients that we have taken immediate action to address these vulnerabilities and that their devices remain secure. We remain committed to maintaining the highest standards of security and will continue to prioritize the protection of our clients' industrial IoT infrastructure.