ID
VAR-201707-0931
CVE
CVE-2017-8116
TITLE
Teltonika RUT9XX In the router firmware management interface root Vulnerability to execute arbitrary commands with privileges
Trust: 0.8
sources:
JVNDB: JVNDB-2017-006076
DESCRIPTION
The management interface for the Teltonika RUT9XX routers (aka LuCI) with firmware 00.03.265 and earlier allows remote attackers to execute arbitrary commands with root privileges via shell metacharacters in the username parameter in a login request. TeltonikaRUT9XXrouters (also known as LuCI) is a router product from Teltonika, Lithuania. A security vulnerability exists in the management interface in the TeltonikaRUT9XX router using firmware 0.03.265 and earlier. Teltonika Routers are prone to a remote command-execution vulnerability because it fails to properly sanitize user-supplied input. This may aid in further attacks
Trust: 2.61
sources:
NVD: CVE-2017-8116 //
JVNDB: JVNDB-2017-006076 //
CNVD: CNVD-2017-13830 //
BID: 100978 //
VULHUB: VHN-116319 //
VULMON: CVE-2017-8116
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2017-13830
AFFECTED PRODUCTS
| vendor: | teltonika | model: | rut900 | scope: | lte | version: | 00.03.265 | Trust: 1.8 |
| vendor: | teltonika | model: | rut905 | scope: | lte | version: | 00.03.265 | Trust: 1.8 |
| vendor: | teltonika | model: | rut950 | scope: | lte | version: | 00.03.265 | Trust: 1.8 |
| vendor: | teltonika | model: | rut955 | scope: | lte | version: | 00.03.265 | Trust: 1.8 |
| vendor: | teltonika | model: | rut9xx routers | scope: | lt | version: | 00.03.265 | Trust: 0.6 |
| vendor: | teltonika | model: | rut950 | scope: | eq | version: | 00.03.265 | Trust: 0.6 |
| vendor: | teltonika | model: | rut955 | scope: | eq | version: | 00.03.265 | Trust: 0.6 |
| vendor: | teltonika | model: | rut905 | scope: | eq | version: | 00.03.265 | Trust: 0.6 |
| vendor: | teltonika | model: | rut900 | scope: | eq | version: | 00.03.265 | Trust: 0.6 |
| vendor: | teltonika | model: | rut905 | scope: | eq | version: | 0.3.265 | Trust: 0.3 |
| vendor: | teltonika | model: | rut905 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | teltonika | model: | rut900 | scope: | eq | version: | 0.3.265 | Trust: 0.3 |
| vendor: | teltonika | model: | rut900 | scope: | eq | version: | 0 | Trust: 0.3 |
sources:
CNVD: CNVD-2017-13830 //
BID: 100978 //
JVNDB: JVNDB-2017-006076 //
CNNVD: CNNVD-201707-060 //
NVD: CVE-2017-8116
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2017-13830 //
VULHUB: VHN-116319 //
VULMON: CVE-2017-8116 //
JVNDB: JVNDB-2017-006076 //
CNNVD: CNNVD-201707-060 //
NVD: CVE-2017-8116
PROBLEMTYPE DATA
| problemtype: | CWE-78 | Trust: 1.1 |
| problemtype: | CWE-284 | Trust: 0.9 |
sources:
VULHUB: VHN-116319 //
JVNDB: JVNDB-2017-006076 //
NVD: CVE-2017-8116
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201707-060
TYPE
operating system commend injection
Trust: 0.6
sources:
CNNVD: CNNVD-201707-060
CONFIGURATIONS
sources:
JVNDB: JVNDB-2017-006076
PATCH
| title: | Top Page | url: | http://teltonika.lt/ | Trust: 0.8 |
| title: | TeltonikaRUT9XX router arbitrary command execution vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/97827 | Trust: 0.6 |
| title: | Teltonika RUT9XX Repair measures for router security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71397 | Trust: 0.6 |
sources:
CNVD: CNVD-2017-13830 //
JVNDB: JVNDB-2017-006076 //
CNNVD: CNNVD-201707-060
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-8116 | Trust: 3.5 |
| db: | JVNDB | id: | JVNDB-2017-006076 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201707-060 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-13830 | Trust: 0.6 |
| db: | BID | id: | 100978 | Trust: 0.5 |
| db: | VULHUB | id: | VHN-116319 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-8116 | Trust: 0.1 |
sources:
CNVD: CNVD-2017-13830 //
VULHUB: VHN-116319 //
VULMON: CVE-2017-8116 //
BID: 100978 //
JVNDB: JVNDB-2017-006076 //
CNNVD: CNNVD-201707-060 //
NVD: CVE-2017-8116
REFERENCES
| url: | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_add_user.rb | Trust: 3.2 |
| url: | https://labs.nettitude.com/blog/cve-2017-8116-teltonika-router-unauthenticated-remote-code-execution/ | Trust: 2.9 |
| url: | https://github.com/nettitude/metasploit-modules/blob/master/teltonika_cmd_exec.rb | Trust: 2.6 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8116 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-8116 | Trust: 0.8 |
| url: | http://teltonika.lt/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/78.html | Trust: 0.1 |
| url: | https://www.securityfocus.com/bid/100978 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
CNVD: CNVD-2017-13830 //
VULHUB: VHN-116319 //
VULMON: CVE-2017-8116 //
BID: 100978 //
JVNDB: JVNDB-2017-006076 //
CNNVD: CNNVD-201707-060 //
NVD: CVE-2017-8116
CREDITS
Nettitude
Trust: 0.3
sources:
BID: 100978
SOURCES
| db: | CNVD | id: | CNVD-2017-13830 |
| db: | VULHUB | id: | VHN-116319 |
| db: | VULMON | id: | CVE-2017-8116 |
| db: | BID | id: | 100978 |
| db: | JVNDB | id: | JVNDB-2017-006076 |
| db: | CNNVD | id: | CNNVD-201707-060 |
| db: | NVD | id: | CVE-2017-8116 |
LAST UPDATE DATE
2025-04-20T23:23:43.009000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-13830 | date: | 2017-07-11T00:00:00 |
| db: | VULHUB | id: | VHN-116319 | date: | 2019-10-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-8116 | date: | 2019-10-03T00:00:00 |
| db: | BID | id: | 100978 | date: | 2017-07-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-006076 | date: | 2017-08-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201707-060 | date: | 2019-10-23T00:00:00 |
| db: | NVD | id: | CVE-2017-8116 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-13830 | date: | 2017-07-11T00:00:00 |
| db: | VULHUB | id: | VHN-116319 | date: | 2017-07-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-8116 | date: | 2017-07-03T00:00:00 |
| db: | BID | id: | 100978 | date: | 2017-07-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-006076 | date: | 2017-08-17T00:00:00 |
| db: | CNNVD | id: | CNNVD-201707-060 | date: | 2017-07-05T00:00:00 |
| db: | NVD | id: | CVE-2017-8116 | date: | 2017-07-03T16:29:00.557 |