Advisory

Teltonika Industrial Routers and Remote Management Vulnerabilities

Take action: If you use Teltonika products, update them immediately to the latest software versions. Also, to minimize risk, limit network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.



CISA has published a critical severity advisory for Teltonika Networks. Threat actors can exploit multiple issues within the remote management system (RMS) to expose sensitive device information and credentials, achieve remote code execution, unveil connected devices managed on the network, and impersonate legitimate devices.

These devices are used in the Water and Wastewater, Energy, and Critical Manufacturing sectors.

Six specific vulnerabilities were announced (CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2586, CVE-2023-2587, and CVE-2023-2588).
Affected products are:

  • Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588)
  • Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2586)
  • RUT model routers: Version 00.07.00 through 00.07.03.4 (affected by CVE-2023-32349)
  • RUT model routers: Version 00.07.00 through 00.07.03 (affected by CVE-2023-32350)