Vulnerability Fix to “5Ghoul” Affecting Teltonika 5G Devices（日本語）

5G vulnerabilities known as "5Ghoul", which we reported on earlier this year, have been remediated in our RUTX50 and RUTM50 devices. This article presents the steps necessary for this remediation.

Earlier this year, Teltonika notified its users of a number of implementation-level 5G vulnerabilities found in a manufacturer of chipsets used in our RUTX50 and RUTM50 5G routers. These vulnerabilities, collectively referred to as “5Ghoul”, include the following:

• CVE-2023-33042 – Transient DOS in Modem after RRC Setup message is received.

  
  

• CVE-2023-33043 – Transient DOS in Modem when a Beam switch request is made with a non-configured BWP.

  
  

• CVE-2023-33044 – Transient DOS in Data modem while handling TLB control messages from the Network.

  
  

5Ghoul vulnerabilities can now be remediated in the aforementioned devices by updating their modem’s firmware. You can do so by navigating to System, then Firmware, and changing the firmware type to Modem.

Please update your device’s firmware to the firmware version listed below, and ensure you have the RutOS version installed on the device to successfully update its modem firmware.

• RUTM50: modem firmware version RG520NNADBR03A01M8G_01.002.01.002, RutOS version 7.08.

  
  

• RUTX50: modem firmware RG501QEUAAR12A11M4G_04.200.04.200, RutOS version 7.03.1 or later.

  
  

• RUTC50 and TRM500: modem firmware RG520NEBDCR03A04M4G_01.200.01.200, RutOS version 7.08.

  
  

As ever, Teltonika takes the security of its products with utmost importance and is committed to full transparency regarding such matters. For further assistance or advice on updating the firmware, please reach out to our technical support Helpdesk.