Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter


SBA Security Advisory – Teltonika RUT9XX – Missing Access Control to UART Root Terminal (CVE-2018-17534)

Vulnerability Overview

Teltonika RUT9XX routers with firmware before 00.04.233 provide a root terminal on a serial interface without proper access control. This allows attackers with physical access to execute arbitrary commands with root privileges.

  • Type of Vulnerability: Incorrect Access Control
  • Fixed in Version: RUT9XX_R_00.04.233
  • CVSSv3 Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVSSv3 Base Score: 6.8 (Medium)

Recommended Countermeasure

We recommend to update Teltonika RUT9XX routers to version RUT9XX_R_00.04.233 or later. For further details, see the full security advisory.


Full Security Advisory