Eight vulnerabilities were recently remediated in the RMS platform and RutOS firmware:
Multiple vulnerabilities were remediated as cURL was patched to version 7.86.0 in RUTOS 7.3 firmware.
These vulnerabilities are patched in our RUTOS 7.3 firmware, so we advise updating your firmware to the latest available version.
At Teltonika Networks, we take security issues seriously and consistently seek to respond appropriately. Please get in touch with our Security Team via a specialized contact form if you have found a potential security issue in any of our products or software.
We are happy to accept anonymous vulnerability reports. However, in such a case, we would not be able to contact you for additional information and say thanks.
Please allow us at least 90 days to fix the vulnerability before publicly discussing it elsewhere or blogging about it.
- Affected product(s) and software version(s);
- Issue description and impact (including arbitrary code execution, information disclosure, etc.);
- Instructions to reproduce the issue;
- A proof-of-concept (POC).
We'd appreciate it if people reported other bugs via appropriate channels. Since the purpose here is to fix security vulnerabilities, only bugs that lead to security threats will be eligible.
To be confirmed, the vulnerability must exist in the latest public release of the software or firmware. The newest version is available in Teltonika Wiki Knowledge Base under the Firmware Errata category.
Please see the vulnerability handling process below:
Providing secure products and services is a high priority to us. Therefore, we strive to ensure that our products and services are designed, developed, and rigorously tested with a focus on security at every stage.
For this reason, we have a dedicated Cyber Security Team closely collaborating with engineers throughout the development lifecycle. The Cyber Security Team regularly performs internal and external security audits. They include vulnerability management, penetration tests, threat modeling, attack surface reduction, code reviews, static code scanning, and continuous improvements of the development process to meet “secure by design” principles.
Every employee in Teltonika Networks must complete an annual cyber security course involving general cyber security awareness and development practices. In addition, our development teams are educated in common software weakness types and vulnerabilities, insecure functions, memory management, and information security concepts, such as defense in depth, attack surface, or privilege escalation.
We welcome all customer reports regarding security issues and treat quick and decisive remediation as a high priority. Any information provided to us will only be used to resolve security vulnerabilities swiftly and efficiently.