SSH and HTTP Services Available on IPv6 WAN Interface Despite UI Configuration
CVE-2023-31728

Currently unrated

Key Information:

Vendor: Teltonika

CVE Published: 17 February 2024

What is CVE-2023-31728?

Teltonika RUT240 devices exhibit a network security flaw wherein the SSH and HTTP services remain accessible on the IPv6 WAN interface when operated in bridge mode. This occurs despite the user interface indicating that these services are restricted to the LAN interface. The issue stems from incorrect service binding configurations, potentially exposing sensitive management interfaces to unauthorized access. Users of RUT240 devices are advised to review their configurations and update to the latest firmware versions to mitigate risks associated with this vulnerability.
