


Teltonika Vulnerabilities Could Expose Thousands of Industrial Organizations to Remote Attacks

Critical vulnerabilities found in Teltonika products by industrial cybersecurity firms Otorio and Claroty expose thousands of internet-exposed devices to attacks.


Researchers at industrial cybersecurity companies Otorio and Claroty have teamed up to conduct a detailed analysis of products made by Teltonika and found potentially serious vulnerabilities that can expose many organizations to remote hacker attacks.

Teltonika Networks is a Lithuania-based company that makes LTE routers, gateways, modems and other networking solutions that are used worldwide in the industrial, energy, utilities, smart city, transportation, enterprise, and retail sectors.

Researchers at Otorio and Claroty have analyzed the company’s RUT241 and RUT955 cellular routers, as well as the Teltonika Remote Management System (RMS), a platform that can be deployed on-premises or in the cloud for monitoring and managing connected devices. 

The research resulted in the discovery of eight types of security holes, which the US Cybersecurity and Infrastructure Security Agency (CISA) described briefly in an advisory published on May 11. 

The vendor has been notified and it has released patches for both the RMS platform and the RUT routers. 

Otorio and Claroty on Monday released their own blog post providing a more detailed description of the findings. 

The RMS vulnerabilities can be exploited for arbitrary code or command execution with elevated privileges, obtaining information, and routing a connection to a remote server. The router vulnerabilities allow arbitrary code or command execution. 

“Some of our vulnerabilities and [exploit] chains do not require any permission/credentials for the devices,” explained Noam Moshe, vulnerability researcher at Claroty. “Currently, thousands of devices are internet-facing (meaning they are accessible from the internet), and some of the vulnerabilities are exploitable from the internet. In addition, some of our chains allow us to attack devices that may not be internet-facing by gaining access to the cloud-based management platform.”


Moshe told SecurityWeek that 4G routers are typically used to connect remote IIoT/IoT sites or devices to the internet and — by exploiting vulnerabilities in these routers — attackers might be able to gain access to the internal network connected to the targeted device. 

“This means that attackers would be able to access thousands of organizations’ internal IIoT/IoT networks, vulnerable devices, internal services, etc.,” Moshe said.

Eran Jacob, security research team leader at Otorio, believes thousands of industrial environments worldwide are exposed to attacks due to these vulnerabilities. 

“These routers are typically connected directly to internal industrial environments and OT devices (vulnerable by design), amplifying the potential consequences,” Jacob told SecurityWeek.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
