0 votes
1,066 views 5 comments
by
I have received my cell bill for January and have found that several of my RUT500 routers have been sending thousands of SMS messages to numbers that don't exist. One RUT500 sent over 6000 SMS messages in January.

Has anyone else seen this type of activity recently? They all run firmware RUT5XX_NW_00.01.556 or RUT5XX_NW_00.01.805
by
I have the same problem and no solution...

My supplier told me that making a firmware update may solve the problem, but I can't find the firmware anywhere...
by

Same problem. £££££££ with over 10 routers compromised!

Firmware fix is unlikely to fix the issue as the last firmware update was approx 2017. 

The RUT500 is already end of life and support for the router ends in July 2020. 

No idea how the router was exploited. 

Ask your provider to block all sms on your cell. 

Is Teltonika going to provide some feedback, and will they be patching any firmware?

Firmware versions can be found on this link

https://wiki.teltonika-networks.com/view/Where_can_I_find_firmwares_for_old_devices%3F

by
I have the same problem, costing me thousands over the past 3 months. The device is 3 yrs old and I am annoyed as I have been left to foot the bill.

3 Answers

0 votes
by

Hello all,

We just did an update on out-of-date and potentially vulnerable packages in the RUT500 firmware. These packages are:

        * dropbear (ssh): updated to 2017.75
        * openssl: updated to 1.0.2q
        * uhttpd (web services): updated to 2015-10-20
        * curl (web services): updated to 7.63.0 

You can find a download link for the firmware below.

Before flashing it on a large number of units, check whether all your currently used functionalities continue to function as expected.

Meanwhile, while testing and evaluating, this is what you must actively do:

  • set SMS limits, balance limits for your SIM card plans. Disable SMS entirely, if it is not utilized whatsoever;
  • set strong WebUI password (password change in newest firmware is mandatory);
  • do not have Public Access (remote HTTP(s)/SSH access) open. If Public access is necessary, have it firewalled for specific source IPs and ports;
  • Disable WiFi if unused. Use strong WiFi password otherwise;

Link to firmware:

https://wiki.teltonika-networks.com/view/Firmwares_for_Old_Devices

When upgrading firmware - check "do not keep settings" box. This shall restore the device to defaults, making sure any potential malicious scripts are gone.

IMPORTANT: if routers are in remote locations this upgrade, while not keeping settings, may render them inaccessible. Proceed with caution.

EDIT: fixed link to wiki

Best answer
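
An added example, not part of any post in this thread and not Teltonika code: a sketch that checks a carrier usage export against the "set SMS limits / disable SMS if unused" advice above, so runaway sending is caught before the bill arrives. The CSV columns (`sim`, `timestamp`, `type`, `destination`), the `SMS_MO` record type, the SIM labels and the limits are assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import Counter, defaultdict

def build_sample():
    """Constructed usage export: router-02 sends a burst to many numbers."""
    rows = ["sim,timestamp,type,destination",
            "router-01,2020-01-05T09:00:00,SMS_MO,+440000000001",
            "router-01,2020-01-19T09:00:00,SMS_MO,+440000000001",
            "router-01,2020-01-20T10:00:00,DATA,",
            "router-03,2020-01-07T03:00:00,SMS_MO,+990000000007"]
    rows += [f"router-02,2020-01-11T02:{i:02d}:00,SMS_MO,+99000000{i:04d}"
             for i in range(40)]
    return "\n".join(rows) + "\n"

def audit_sms_usage(csv_text, monthly_limits, daily_burst=20):
    """Return {sim: [findings]}; a SIM absent from monthly_limits may send no SMS."""
    monthly, daily, dests = Counter(), Counter(), defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["type"] != "SMS_MO":          # count only outbound (mobile-originated) SMS
            continue
        sim, ts = row["sim"], row["timestamp"]
        monthly[(sim, ts[:7])] += 1          # key on YYYY-MM
        daily[(sim, ts[:10])] += 1           # key on YYYY-MM-DD
        dests[(sim, ts[:7])].add(row["destination"])
    findings = defaultdict(list)
    for (sim, month), n in sorted(monthly.items()):
        limit = monthly_limits.get(sim, 0)   # default 0: SMS should be disabled
        if n > limit:
            findings[sim].append(f"{month}: {n} SMS sent, limit {limit}, "
                                 f"{len(dests[(sim, month)])} distinct destinations")
    for (sim, day), n in sorted(daily.items()):
        if n > daily_burst:
            findings[sim].append(f"{day}: burst of {n} SMS in one day")
    return dict(findings)

if __name__ == "__main__":
    # Assumed policy: only router-01 is allowed to send SMS (up to 10 a month).
    for sim, notes in audit_sms_usage(build_sample(), {"router-01": 10}).items():
        for note in notes:
            print(sim, "-", note)
```

A SIM that is flagged with a limit of 0 is one where SMS was expected to be disabled, which is the case to raise with the provider first.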
0 votes
by

Good evening,

Please do send me the Troubleshooting file from the router via PM. The file can be downloaded from: System -> Backup and Firmware menu page. This file may contain relevant clues.

Otherwise, after sending the troubleshooting file, do upgrade your firmware (link below), and make sure you adhere to the following when re-configuring the routers:

  • strong WebUI password;
  • have Public Access (remote HTTP(s)/SSH access) open only on an as-needed basis, and ideally firewalled for specific source IPs and ports;
  • strong WiFi password.

Link to firmware:

When upgrading firmware - check "do not keep settings" box. This shall restore the device to defaults, making sure any potential malicious scripts are gone.

IMPORTANT: if routers are in remote locations this upgrade may render them inaccessible.
by

Please can someone at Teltonika investigate this? It seems more than one person has been hacked.

Our SMS bill for December, January and February is now over €10,000 because of this problem on 5 routers.

We are very concerned that RUT500 modems appear to have been seriously compromised.

Will the latest firmware fix the problem?

0 votes
by
Please can someone at Teltonika investigate this? It seems more than one person has been hacked.

Our SMS bill for December, January and February is now over €10,000 because of this problem on 5 routers.

We are very concerned that RUT500 modems appear to have been seriously compromised.

Will the latest firmware fix the problem?
by
IMO, the safest option is to block access to all the sensitive ports from the mobile/WAN side, and use a VPN to administer the device.

Just my two cents.