TELTONIKA NETWORKING DEVICES
Centro De
Seguridad
Cualquier dispositivo conectado a Internet está expuesto a ciberataques. Aquí proporcionamos toda la información sobre cualquier vulnerabilidad de seguridad existente o potencial relacionada con nuestros productos de conectividad.
Three denial-of-service vulnerabilities in third-party chipsets affecting our 5G devices
15/1/24
The following three denial-of-service 5G vulnerabilities were found in third-party chipsets, which our RUTX50, RUTM50, and TRB500 contain:
These affect device availability but not integrity or confidentiality. As they stem from a third-party vendor, Teltonika Networks does not currently have patched firmware or workaround available. For more information, read this article.
Firmware vulnerability in TRB1-series devices
9/1/24
This vulnerability can only be exploited through LAN access via Ethernet or USB interfaces and does not affect devices remotely via mobile networks. It affects the TRB140, TRB141, TRB142, TRB143, and TRB145 industrial gateways across all firmware versions before TRB1_R_00.07.05.2 and was remediated with version TRB1_R_00.07.05.2. For more information, read this article.
RMS and RutOS Vulnerabilities from CISA Advisory ICSA-23-131-08
24/5/23
8 vulnerabilities were recently remediated from the RMS platform and RutOS firmware:
6 RMS vulnerabilities were remediated with version 4.10.0 (2023-03-22) and 4.14.0 (2023-04-26): CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588, CVE-2023-2586
2 RutOS vulnerabilities were remediated with version 7.03 (2022-12-16) and 7.03.4 (2023-02-09): CVE-2023-32349, CVE-2023-32350
Recommendation: Medusa Botnet - a threat to Linux based devices
7/2/23
Medusa Botnet infects devices via bruteforce attacks, and our devices are fitted with bruteforce prevention mechanisms to block attackers after 10 incorrect attempts which is enabled by default.
To further enhance your resistance to Medusa, you may also change the default ports for SSH and Telnet services, which Medusa cannot identify.
Title
Descripción
Title and description
- Página 3
NEWS & ARTICLES
Secure Software Development Lifecycle
Ensuring the security of our products and services is a top priority at Teltonika. They are designed, developed, and rigorously tested with security and privacy in mind throughout the software development lifecycle of each release.
In addition to performing vulnerability management, reviewing vulnerability reports, routine monitoring of new vulnerabilities, and handling vulnerability remediation, Teltonika’s core Secure Software Development Lifecycle (SSDL) consists of the following phases:
Training
As a pre-requirement of this lifecycle, Teltonika’s security team drafts training materials and developer test on a yearly basis.
Requirements
Baseline security and privacy requirements for the upcoming release are drafted and communicated internally.
Design
Software design reviews are conducted with the goals of understanding the upcoming release, drafting.
Implementation
Static code scanning tools are maintained and code is reviewed.
Verification
Comprehensive fuzzing, penetration, and final security tests are performed.
Release
Documents are finalised, archived, and taken into account for the following cycle.
