CVE-2023-31728
📋 TL;DR
Teltonika RUT240 devices running firmware earlier than 07.04.2 expose their SSH and HTTP management services on the IPv6 WAN interface when bridge mode is enabled, even though the UI indicates the services are LAN-only. Anyone who learns the device's global IPv6 WAN address can reach the login-protected management interfaces from the Internet. Affected users are those running RUT240 devices in bridge mode with IPv6 enabled on unpatched firmware.
💻 Affected Systems
- Teltonika RUT240
📦 What is this software?
RUT240 firmware (RutOS) by Teltonika Networks
⚠️ Risk & Real-World Impact
Worst Case
Remote attackers reach the management services from the Internet and, by brute-forcing, reusing or guessing weak administrator credentials (the exposed services are the normal login-protected SSH and web interfaces), gain administrative access to the device, enabling network compromise, credential theft, and lateral movement into connected networks.
Likely Case
Unauthorized users discover and access management interfaces, potentially changing configurations or gathering network information.
If Mitigated
With WAN-side IPv6 traffic to the management ports blocked and the device segmented from critical systems, the services are reachable only from the LAN side, as the UI indicates, and the remaining risk is limited to LAN-side access to the management interfaces.
🎯 Exploit Status
Exploitation requires learning the device's global IPv6 WAN address (blind scanning of a /64 is impractical, but the address can leak through DNS records, logs or the device's own outbound connections) and then connecting to SSH or HTTP with an ordinary client. No exploit code is needed; the weakness is that the services listen on an interface they should not, and authentication is still enforced by the services themselves.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 07.04.2
Vendor Advisory: https://wiki.teltonika-networks.com/view/RUT240_Firmware_Changelog
Restart Required: Yes
Instructions:
1. Log into the RUT240 web interface.
2. Navigate to System → Firmware.
3. Upload firmware version 07.04.2 or later.
4. Apply the update and reboot the device.
5. After the reboot, confirm the running version under System → Status and re-check that the management ports no longer answer on the IPv6 WAN address.
🔧 Temporary Workarounds
Disable IPv6 on the WAN interface
Prevents exposure of the services on the IPv6 WAN interface, since they are no longer bound to a routable IPv6 address. This removes IPv6 connectivity for the WAN side entirely.
Disable bridge mode
Switch to router mode to avoid the vulnerable configuration; the exposure is reported only for bridge mode.
🧯 If You Can't Patch
- Implement strict firewall rules on the WAN zone blocking inbound access to SSH (TCP 22), HTTP (TCP 80) and HTTPS (TCP 443). Because the exposure is over IPv6, the rules must apply to IPv6 traffic as well as IPv4; IPv4-only rules leave the exposed path open.
- Use network segmentation to isolate RUT240 devices from critical infrastructure
🔍 How to Verify
Check if Vulnerable:
The device is vulnerable if all three hold: firmware earlier than 07.04.2, bridge mode enabled, and IPv6 enabled. Confirm exposure by attempting a TCP connection to ports 22, 80 and 443 on the device's global IPv6 WAN address from a host outside the LAN (a probe from the LAN side proves nothing, because LAN access to the management services is expected).
Check Version:
ssh root@<device_ip> 'cat /etc/version' (RutOS SSH logins use the root account with the web UI admin password), or check the web interface under System → Status. Versions earlier than 07.04.2 are affected.
Verify Fix Applied:
Repeat the external probe after updating: the management ports must no longer answer on the IPv6 WAN address, while the services remain reachable from the LAN.
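The external probe described above, as an added example that is not part of the original advisory or of Teltonika's tooling. It first rejects addresses that cannot be reached from the Internet anyway (link-local fe80::/10, ULA, loopback, documentation ranges), because a "closed" result against one of those says nothing about the exposure, then TCP-connects to each management port over IPv6. The device address, the port list and the loopback stand-in used by the demo are assumptions for illustration; run the real probe from a host outside the LAN.

```python
import ipaddress
import socket

# Management ports the advisory reports as exposed on the IPv6 WAN side.
MGMT_PORTS = (22, 80, 443)


def is_wan_reachable(addr):
    """Return True only for a global-unicast IPv6 address.

    fe80::/10 (link-local), fc00::/7 (ULA), ::1 and the 2001:db8::/32
    documentation range are never routed across the Internet, so probing
    them from outside proves nothing about this exposure.
    """
    return ipaddress.IPv6Address(addr).is_global


def probe_tcp6(host, ports=MGMT_PORTS, timeout=2.0):
    """TCP-connect to each port on an IPv6 host; returns {port: True if open}."""
    results = {}
    for port in ports:
        try:
            family, socktype, proto, _, sockaddr = socket.getaddrinfo(
                host, port, socket.AF_INET6, socket.SOCK_STREAM)[0]
            with socket.socket(family, socktype, proto) as s:
                s.settimeout(timeout)
                results[port] = s.connect_ex(sockaddr) == 0
        except OSError:
            # Name resolution failure or no IPv6 stack on this host: report closed.
            results[port] = False
    return results


def assess(wan_addr, ports=MGMT_PORTS, timeout=2.0):
    """Classify the device: 'not-routable' if the address cannot be reached from
    the Internet at all, 'exposed' if any management port answers, else 'closed'."""
    if not is_wan_reachable(wan_addr):
        return "not-routable", {}
    open_ports = probe_tcp6(wan_addr, ports, timeout)
    return ("exposed" if any(open_ports.values()) else "closed"), open_ports


def demo_against_loopback():
    """Offline stand-in (constructed; ::1 is not a RUT240): open a listener on
    the IPv6 loopback and confirm the probe reports it as open. Returns None
    when this host has no IPv6 loopback, so the demo is skipped, not misreported."""
    listener = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    try:
        listener.bind(("::1", 0))
        listener.listen(1)
    except OSError:
        listener.close()
        return None
    port = listener.getsockname()[1]
    try:
        return probe_tcp6("::1", ports=(port,), timeout=1.0)[port]
    finally:
        listener.close()


if __name__ == "__main__":
    import sys
    # Usage (from OUTSIDE the LAN): python3 probe.py <device global IPv6 WAN address>
    state, ports = assess(sys.argv[1])
    print(state, ports)
```

An "exposed" result before the update and "closed" after it, both obtained from the same external vantage point, is the verification the advisory asks for; a "not-routable" result means you were given a LAN-side or link-local address and need the device's global WAN address instead.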
📡 Detection & Monitoring
Log Indicators:
- SSH and web-server authentication logs (dropbear and uhttpd on RutOS) showing connections or failed logins from external IPv6 addresses, which should never occur for a LAN-only service
- Configuration changes from unexpected sources
Network Indicators:
- Unexpected SSH/HTTP traffic on IPv6 WAN interface
- Port scans targeting device IPv6 addresses
SIEM Query:
dest_port IN (22, 80, 443) AND protocol = tcp AND dest_ip IN (<device global IPv6 WAN addresses>) AND NOT source_ip IN (<LAN prefixes>, fc00::/7, fe80::/10)
Match on the device's global-unicast (2000::/3) WAN address, not on fe80::. Link-local addresses are never routed beyond the local link, so an Internet-sourced connection cannot have a fe80:: destination; a fe80:: filter would only ever match LAN-side traffic and would miss the exposure entirely.
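The detection logic from this section run over sample log lines, as an added example that is not part of the original advisory and not RUT240 output. The lines are constructed in a netfilter LOG-target style (SRC= / DST= / DPT=), with eth1 standing in for the WAN interface and br-lan for the LAN bridge; the device's WAN address 2001:db8:1::1 is a documentation address chosen for illustration. The second function shows what a fe80:: destination filter would catch on the same input.

```python
import ipaddress
import re

MGMT_PORTS = {22, 80, 443}

# Constructed sample lines (not real RUT240 logs). The first two are the event we
# care about: an Internet source reaching management ports on the global WAN address.
SAMPLE_LOG = [
    "Jun 12 10:01:05 rut240 kernel: [fw-in] IN=eth1 SRC=2a02:1234:abcd::9 DST=2001:db8:1::1 PROTO=TCP DPT=22",
    "Jun 12 10:01:06 rut240 kernel: [fw-in] IN=eth1 SRC=2a02:1234:abcd::9 DST=2001:db8:1::1 PROTO=TCP DPT=443",
    "Jun 12 10:01:09 rut240 kernel: [fw-in] IN=br-lan SRC=fe80::1 DST=fe80::abcd PROTO=TCP DPT=80",
    "Jun 12 10:01:11 rut240 kernel: [fw-in] IN=eth1 SRC=2a02:1234:abcd::9 DST=2001:db8:1::1 PROTO=TCP DPT=8080",
    "Jun 12 10:01:15 rut240 kernel: [fw-in] IN=br-lan SRC=fd00:10::5 DST=2001:db8:1::1 PROTO=TCP DPT=22",
    "Jun 12 10:01:20 rut240 kernel: [fw-in] IN=eth1 SRC=198.51.100.7 DST=203.0.113.2 PROTO=TCP DPT=22",
]

LINE_RE = re.compile(
    r"IN=(?P<iface>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)


def parse(line):
    """Extract interface, addresses, protocol and destination port; None if no match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["dpt"] = int(ev["dpt"])
    return ev


def wan_mgmt_hits(lines, wan_addrs):
    """Events where a globally routable source reached a management port on one
    of the device's global IPv6 WAN addresses (the corrected SIEM query)."""
    wan = {ipaddress.ip_address(a) for a in wan_addrs}
    hits = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["proto"] != "TCP" or ev["dpt"] not in MGMT_PORTS:
            continue
        src = ipaddress.ip_address(ev["src"])
        dst = ipaddress.ip_address(ev["dst"])
        if dst.version != 6 or dst not in wan:
            continue
        # fe80::/10, fc00::/7, ::1 and similar can only originate on the local
        # link or site, so they are LAN-side noise, not Internet exposure.
        if not src.is_global:
            continue
        hits.append(ev)
    return hits


def link_local_filter_hits(lines):
    """What a 'dest_ip LIKE fe80::%' query matches on the same input: only the
    LAN-side line, never the WAN-side exposure."""
    return [
        ev for ev in map(parse, lines)
        if ev and ev["dpt"] in MGMT_PORTS and ev["dst"].startswith("fe80:")
    ]


if __name__ == "__main__":
    for ev in wan_mgmt_hits(SAMPLE_LOG, ["2001:db8:1::1"]):
        print("WAN exposure:", ev["src"], "->", ev["dst"], "port", ev["dpt"])
    print("fe80 filter matched", len(link_local_filter_hits(SAMPLE_LOG)), "line(s), all LAN-side")
```

On this input the corrected logic flags exactly the two port 22 and port 443 connections from 2a02:1234:abcd::9, ignores the non-management port, the ULA-sourced LAN line and the IPv4 line, while the fe80:: filter matches only the LAN-side br-lan line. Populate the WAN address list from the device's actual global IPv6 address, and add your own LAN prefixes to the exclusion if you route public addresses internally.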