TELTONIKA NETWORKING DEVICES
Security Centre
Any device that is connected to the internet is subject to cyber-attacks. Here we provide all the information about any existing or potential security vulnerabilities related to our connectivity products.
5Ghoul vulnerability fix
22/08/24
5G vulnerabilities known as "5Ghoul" have been remediated in our 5G devices: RUTX50, RUTM50, RUTC50, and TRM500. You can update their modem’s firmware by navigating to System, then Firmware, and changing the firmware type to Modem.
Please update your device’s firmware to the firmware version listed below, and ensure you have the RutOS version installed on the device to successfully update its modem firmware.
RUTM50: modem firmware version RG520NNADBR03A01M8G_01.002.01.002, RutOS version 7.08.
RUTX50: modem firmware RG501QEUAAR12A11M4G_04.200.04.200, RutOS version 7.03.1 or later.
RUTC50 and TRM500: modem firmware RG520NEBDCR03A04M4G_01.200.01.200, RutOS version 7.08.
Three denial-of-service vulnerabilities in third-party chipsets affecting our 5G devices
15/01/24
The following three denial-of-service 5G vulnerabilities were found in third-party chipsets, which our RUTX50, RUTM50, and TRB500 contain:
These affect device availability but not integrity or confidentiality. As they stem from a third-party vendor, Teltonika Networks does not currently have patched firmware or workaround available. For more information, read this article.
Firmware vulnerability in TRB1-series devices
09/01/24
This vulnerability can only be exploited through LAN access via Ethernet or USB interfaces and does not affect devices remotely via mobile networks. It affects the TRB140, TRB141, TRB142, TRB143, and TRB145 industrial gateways across all firmware versions before TRB1_R_00.07.05.2 and was remediated with version TRB1_R_00.07.05.2. For more information, read this article.
RMS and RutOS Vulnerabilities from CISA Advisory ICSA-23-131-08
24/05/23
8 vulnerabilities were recently remediated from the RMS platform and RutOS firmware:
6 RMS vulnerabilities were remediated with version 4.10.0 (2023-03-22) and 4.14.0 (2023-04-26): CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588, CVE-2023-2586
2 RutOS vulnerabilities were remediated with version 7.03 (2022-12-16) and 7.03.4 (2023-02-09): CVE-2023-32349, CVE-2023-32350
Title
Description
Title and description
- Page 3
NEWS & ARTICLES
Secure Software Development Lifecycle
Ensuring the security of our products and services is a top priority at Teltonika. They are designed, developed, and rigorously tested with security and privacy in mind throughout the software development lifecycle of each release.
In addition to performing vulnerability management, reviewing vulnerability reports, routine monitoring of new vulnerabilities, and handling vulnerability remediation, Teltonika’s core Secure Software Development Lifecycle (SSDL) consists of the following phases:
Training
As a pre-requirement of this lifecycle, Teltonika’s security team drafts training materials and developer test on a yearly basis.
Requirements
Baseline security and privacy requirements for the upcoming release are drafted and communicated internally.
Design
Software design reviews are conducted with the goals of understanding the upcoming release, drafting.
Implementation
Static code scanning tools are maintained and code is reviewed.
Verification
Comprehensive fuzzing, penetration, and final security tests are performed.
Release
Documents are finalised, archived, and taken into account for the following cycle.
