Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter


SBA Security Advisory – Teltonika RUT9XX – Unauthenticated OS Command Injection (CVE-2018-17533)

Vulnerability Overview

Teltonika RUT9XX routers with firmware before are prone to cross-site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

  • Type of Vulnerability: Cross-site Scripting
  • Fixed in Version: RUT9XX_R_00.04.233
  • CVSSv3 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
  • CVSSv3 Base Score: 8.2 (High)

Recommended Countermeasure

We recommend to update Teltonika RUT9XX routers to version RUT9XX_R_00.04.233 or later. For further details, see the full security advisory.


Full Security Advisory