0 votes
850 views 4 comments
by anonymous

I have found a big security risk issue in FW 06.05.1.

On a RUT 950, "Remote SSH Access" under Access Control is DISABLED. I've found several login attempts from WAN (LTE mobile) in the Events section, but this should be impossible. I've checked the firewall section and found that "Enable_SSH_WAN_PASSTHROUGH" is still enabled while it should be disabled. Enabling / disabling "Remote SSH Access" in Access Control and saving the settings has no effect.

After having big security problems with older firmware versions (see CVE-2017-8116) and being hacked by Metasploit, this looks like the next big security issue...

3 Answers

0 votes
by anonymous

Hello, Ronald.Bernick,

Did a quick test, but I was unable to reproduce the issue. Public IPs are always being scanned by attackers, but this does not mean that they will be able to connect to your device and become a threat to your device security if you have a strong password, which is required by default with new FW versions.

Also, after 5 failed attempts the IP will be blocked if you haven't turned off this setting: https://wiki.teltonika-networks.com/view/RUT950_Administration#Safety

To check this further, can you provide a troubleshoot file from when you have remote access disabled but still get login attempts? You can send a troubleshoot file via PM.

One more question. Have you made any firewall configurations manually? From the 1st picture it looks like the IP is changed.

by anonymous
Hi,

Has this been solved?

regards
by anonymous

Hi,

We tried to reproduce the issue numerous times with different "break in" methods - we were unable to achieve results that  was mentioning.

Without additional info (TCPdumps or similar logs) - we cannot confirm this as a "hack" attempt.

0 votes
by

Hi Vilmantas1,

I will send you the troubleshoot file asap.

BR, Ronald
0 votes
by anonymous

Hi Ronald.Bernick, 

I was unable to reproduce the issue.
Can you tell me what configuration was done before you encountered this situation? 

 Regards

by
I don't know exactly, because we are managing more than 100 RUT devices for our customers.

I can send you the backup file, you can try to restore and check if you have the same behavior.

Please let me know.

As far as I remember, the only difference compared to a standard configuration is: We use the WAN Port as a LAN Port (option is enabled)
by anonymous

Have you made any firewall configurations manually?

From the 1st picture it looks like the IP is changed and by default these rules are turned off.
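
A check for the condition reported in this thread, added here as an example; it is not part of any post and not Teltonika's code. It reads `uci show firewall` text (OpenWrt-style UCI, which the firmware is assumed to use) and lists enabled rules that accept WAN traffic to a port. The function names and sample config are constructed; only the rule name `Enable_SSH_WAN_PASSTHROUGH` comes from the thread.

```shell
#!/bin/sh
# Added example. Reads `uci show firewall` text on stdin and prints the name of
# every enabled rule that ACCEPTs traffic from zone "wan" to the given port.
wan_port_rules() {
    awk -v port="${1:-22}" -v q="'" '
    function flush() {
        if (type == "rule" && src == "wan" && target == "ACCEPT" && enabled != "0" && hit)
            print name
        type = src = target = name = enabled = ""; hit = 0
    }
    function covers(spec,    i, n, p, r) {      # "22", "22 2222" or "20-25"
        n = split(spec, p, /[ ,]+/)
        for (i = 1; i <= n; i++) {
            if (split(p[i], r, /[-:]/) == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (p[i] == port) return 1
        }
        return 0
    }
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(q, "", val)                            # strip quotes if uci printed them
        n = split(key, k, /\./)
        if (n == 2) { flush(); type = val; next }   # "firewall.@rule[1]=rule" opens a section
        if (n != 3) next
        if (k[3] == "name") name = val
        else if (k[3] == "src") src = val
        else if (k[3] == "target") target = val
        else if (k[3] == "enabled") enabled = val   # option absent means enabled
        else if (k[3] == "dest_port") hit = covers(val)
    }
    END { flush() }'
}

sample_config() {   # constructed sample, not taken from a real RUT950
    cat <<'EOF'
firewall.@rule[0]=rule
firewall.@rule[0].name='sample_disabled_ssh'
firewall.@rule[0].src='wan'
firewall.@rule[0].dest_port='22'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].enabled='0'
firewall.@rule[1]=rule
firewall.@rule[1].name='Enable_SSH_WAN_PASSTHROUGH'
firewall.@rule[1].src='wan'
firewall.@rule[1].dest_port='22'
firewall.@rule[1].target='ACCEPT'
EOF
}
sample_config | wan_port_rules 22
```

On a device the equivalent call would be `uci show firewall | wan_port_rules 22`; empty output means no enabled WAN rule accepts that port, which makes the result easy to compare across a fleet of routers.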