Teltonika vulnerabilites

Teltonika router flaws pose a remote attack threat to Industrial organizations

2 Mins Read

PUREVPNNewsTeltonika router flaws pose a remote attack threat to Industrial organizations

Otorio and Claroty, two industrial cybersecurity firms, have collaborated to conduct a comprehensive analysis of Teltonika products and have uncovered potentially severe vulnerabilities that put numerous organizations at risk of remote hacker attacks.

Teltonika Networks, a company based in Lithuania, produces a range of networking solutions, including LTE routers, gateways, modems, and more. These products are widely used across various industrial, energy, utilities, smart city, transportation, enterprise, and retail sectors.

It is important for businesses to prioritize implementing a business VPN solution for security purposes. This solution guarantees secure remote access and enhances network security by establishing IP-based Access Controls. This is especially crucial in light of the recent vulnerabilities found in Teltonika Networks’ products, including their cellular routers with plate numbers RUT241 and RUT955 as well as their Teltonika Remote Management System (RMS). These vulnerabilities were discovered by researchers from Otorio and Claroty.

Through their research, they identified eight distinct types of security vulnerabilities, briefly described in an advisory published by the US Cybersecurity and Infrastructure Security Agency (CISA) on May 11.

CISA Advisory.

What’s been done?

  • Upon notification, Teltonika promptly released patches for the RMS platform and the RUT routers to address these vulnerabilities.
  • The vulnerabilities found in the RMS platform can be exploited to execute arbitrary code or commands with elevated privileges, gain unauthorized access to information, and route connections to remote servers. The router vulnerabilities allow for arbitrary code or command execution.

Noam Moshe, a vulnerability researcher at Claroty, explained that “some of the vulnerabilities and exploit chains discovered do not require any permissions or credentials for the affected devices. Additionally, thousands of devices are currently accessible from the internet, making them vulnerable to exploitation. Moreover, certain attack chains can target devices not directly connected to the internet by leveraging access to the cloud-based management platform.”

Final take

The advancement of Industry 4.0 requires robust connectivity for devices, regardless of their location. The use of 4G/5G routers plays a crucial role in achieving this connectivity and driving the transformation.

Regarding IoT, a significant challenge lies in scaling up the infrastructure to support many 4G routers. Vulnerabilities in the cloud platforms can create opportunities for attackers to target companies’ remote sites and exploit network weaknesses.

So, its companies are prompt to foresee such attacks and employ proactive approaches to be secure!

author

PureVPN

date

May 19, 2023

time

12 months ago

PureVPN is a leading VPN service provider that excels in providing easy solutions for online privacy and security. With 6000+ servers in 65+ countries, It helps consumers and businesses in keeping their online identity secured.

Related Stories

Apple and Google Introduce Alerts for Hidden Bluetooth Trackers on iOS and Android

Apple and Google Introduce Alerts for Hidden Bluetooth Trackers on iOS and Android
Posted on May 16, 2024
Phorpiex Botnet Sends Millions of Emails in LockBit Black Ransomware Attack

Phorpiex Botnet Sends Millions of Emails in LockBit Black Ransomware Attack
Posted on May 14, 2024
South Australia Wants to Ban Social Media for Kids, Soaring VPN Searches

South Australia Wants to Ban Social Media for Kids, Soaring VPN Searches
Posted on May 14, 2024

Have Your Say!!

Join 3 million+ users to embrace internet freedom

Signup for PureVPN to get complete online security and privacy with a hidden IP address and encrypted internet traffic.

Get PureVPN