Security Affairs
US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|SonicWall warns of active exploitation of two SMA 1000 zero-days|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Experts found multiple vulnerabilities in Teltonika industrial cellular routers that could expose OT networks to cyber attacks. A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks. Teltonika Networks is a leading manufacturer of networking solutions, widely adopted […]

Teltonika industrial cellular routers flaw

Experts found multiple vulnerabilities in Teltonika industrial cellular routers that could expose OT networks to cyber attacks.

A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks.

Teltonika Networks is a leading manufacturer of networking solutions, widely adopted in industrial environments, including gateways, LTE routers, and modems.

The researchers discovered eight vulnerabilities that impact thousands of internet-connected devices worldwide. The experts demonstrated multiple attack vectors, including the exploitation of flaws in internet-exposed services, cloud account takeover, and the exploitation of flaws in the cloud infrastructure.

Successful exploitation of the flaws can have a broad range of impacts on compromised devices, including monitoring of the network traffic, the exposure of sensitive data, hijacking internet connections and accessing internal services. 

“Also, an attacker may exploit these issues to access and control networked devices and change router settings in order to manipulate configurations such as DNS settings or firewall rules. The compromised industrial devices may also be used to launch attacks against other devices or networks.” reads the advisory published by Otorio.

The study focuses on the RUT241 and RUT955 cellular routers manufactured by Teltonika, and on the Remote Management System (RMS) provided by the vendor.

The Teltonika Remote Management System (RMS) is a cloud-based or on-premises platform that allows customers to remotely monitor and manage connected devices. The platform provides real-time monitoring and control, it also supports advanced features such as device management, software and firmware updates, GPS tracking, and data visualization. 

The US Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory on these vulnerabilities. 

“Successful exploitation of these vulnerabilities could expose sensitive device information and device credentials, enable remote code execution, expose connected devices managed on the network, and allow impersonation of legitimate devices.” reads the advisory from CISA.

Teltonika quickly addressed the reported vulnerabilities in RUT industrial cellular routers and the RMS.

The vendor has been notified and it has released patches for both the RMS platform and the RUT routers.

Below is the list of the impacted Teltonika products and the associated vulnerabilities:

  • Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588)
  • Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2586)
  • RUT model routers: Version 00.07.00 through 00.07.03.4 (affected by CVE-2023-32349)
  • RUT model routers: Version 00.07.00 through 00.07.03 (affected by CVE-2023-32350)

“While hundreds of thousands of Teltonika devices are deployed worldwide, a search on internet-scanning engines such as Shodan and Censys also reveals thousands of internet-facing devices, with their management ports externally exposed to the internet.” concludes Otorio.

We are in the final!

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Teltonika)