← back
CVE-2017-8116

CVE-2017-8116

EPSS 4.5%
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rbhttps://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rbhttps://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/