Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Experts found multiple vulnerabilities in Teltonika industrial cellular routers that could expose OT networks to cyber attacks.

A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks.

Teltonika Networks is a leading manufacturer of networking solutions, widely adopted in industrial environments, including gateways, LTE routers, and modems.

The researchers discovered eight vulnerabilities that impact thousands of internet-connected devices worldwide. The experts demonstrated multiple attack vectors, including the exploitation of flaws in internet-exposed services, cloud account takeover, and the exploitation of flaws in the cloud infrastructure.

Successful exploitation of the flaws can have a broad range of impacts on compromised devices, including monitoring of the network traffic, the exposure of sensitive data, hijacking internet connections and accessing internal services. 

“Also, an attacker may exploit these issues to access and control networked devices and change router settings in order to manipulate configurations such as DNS settings or firewall rules. The compromised industrial devices may also be used to launch attacks against other devices or networks.” reads the advisory published by Otorio.

The study focuses on the RUT241 and RUT955 cellular routers manufactured by Teltonika, and on the Remote Management System (RMS) provided by the vendor.

The Teltonika Remote Management System (RMS) is a cloud-based or on-premises platform that allows customers to remotely monitor and manage connected devices. The platform provides real-time monitoring and control, it also supports advanced features such as device management, software and firmware updates, GPS tracking, and data visualization. 

The US Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory on these vulnerabilities. 

“Successful exploitation of these vulnerabilities could expose sensitive device information and device credentials, enable remote code execution, expose connected devices managed on the network, and allow impersonation of legitimate devices.” reads the advisory from CISA.

Teltonika quickly addressed the reported vulnerabilities in RUT industrial cellular routers and the RMS.

The vendor has been notified and it has released patches for both the RMS platform and the RUT routers.

Below is the list of the impacted Teltonika products and the associated vulnerabilities:

• Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588)
• Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2586)
• RUT model routers: Version 00.07.00 through 00.07.03.4 (affected by CVE-2023-32349)
• RUT model routers: Version 00.07.00 through 00.07.03 (affected by CVE-2023-32350)

“While hundreds of thousands of Teltonika devices are deployed worldwide, a search on internet-scanning engines such as Shodan and Censys also reveals thousands of internet-facing devices, with their management ports externally exposed to the internet.” concludes Otorio.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Teltonika)