Security
Center
8 vulnerabilities were recently remediated from the RMS platform and RusOS firmware:
- 6 RMS vulnerabilities were remediated with version 4.10.0 (2023-03-22) and 4.14.0 (2023-04-26): CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588, CVE-2023-2586
- 2 RutOS vulnerabilities were remediated with version 7.03 (2022-12-16) and 7.03.4 (2023-02-09): CVE-2023-32349, CVE-2023-32350
- Medusa Botnet infects devices via bruteforce attacks, and our devices are fitted with bruteforce prevention mechanisms to block attackers after 10 incorrect attempts which is enabled by default.
- To further enhance your resistance to Medusa, you may also change the default ports for SSH and Telnet services, which Medusa cannot identify.
Multiple vulnerabilities were remediated as cURL was patched to version 7.86.0 in RUTOS 7.3 firmware.
- Several cURL vulnerabilities were discovered in RUTOS, ranging from LOW to MEDIUM severity
- CVE-2022-42915 CVE-2022-32221 CVE-2022-35252
- POST following PUT confusion; HTTP proxy double-free; control code in cookie denial of service
Vulnerabilities are patched with our RUTOS 7.3 firmware, as such it is advised to update your firmware to the latest one available.
- 5 WiFi CVE's discovered in total:
- CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722
- Vulnerabilities stem from holes triggered by "Beacon Frames".
- Any Linux device vulnerable to these exploits would be susceptible to attacks when scanning for a network if a rogue AP was present.
At Teltonika Networks, we take security issues seriously and consistently seek to respond appropriately. Please get in touch with our Security Team via a specialized contact form if you have found a potential security issue in any of our products or software.
We are happy to accept anonymous vulnerability reports. However, in such a case, we would not be able to contact you for additional information and say thanks.
Please allow us at least 90 days to fix the vulnerability before publicly discussing it elsewhere or blogging about it.
-Affected product(s) and software version(s);
-Vulnerability overview;
-Issue description and impact (including arbitrary code execution, information disclosure, etc.);
-Instructions to reproduce the issue; A proof-of-concept (POC).
We'd appreciate it if people reported other bugs via appropriate channels. Since the purpose here is to fix security vulnerabilities, only bugs that lead to security threats will be eligible.
The vulnerability must exist in the latest public release of the software or firmware to confirm it. The newest version is available in Teltonika Wiki Knowledge Base under the Firmware Errata category.
Please see the vulnerability handling process below:
Providing secure products and services is a high priority to us. Therefore, we strive to ensure that our products and services are designed, developed, and rigorously tested with a focus on security at every stage.
For this reason, we have a dedicated Cyber Security Team closely collaborating with engineers through the development lifecycle. The Cyber Security Team regularly performs internal and external security audits. They include vulnerability management, penetration tests, threat modeling, attack surface reduction, code reviews, static code scanning, and continuous improvements of the development process to meet “secure by design” principles.
Every employee in Teltonika Networks must complete an annual cyber security course involving general cyber security awareness and development practices. Besides, our development teams are educated in common software weakness types and vulnerabilities, unsecure functions, memory management, and information security concepts, such as defense in depth, attack surface, or privilege escalation.
We welcome all customer reports regarding security issues and take high-priority action on quick and decisive remediation. Any information provided to us will only be used to resolve security vulnerabilities swiftly and efficiently.
Contact
us
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.