Since this thread auto closes today I’d like to sum up the current status from my point of view for any latecomers:
Right out of the box, the TRB500 is vulnerable to three high severity (CVSS score: 7.5) issues:
The built-in FOTA modem updater is disabled and there are no other modem firmware versions available online other than these two:
- RG501QEUAAR12A08M4G_04.001.04.001 (vulnerable)
- RG501QEUAAR12A07M4G_04.001.04.001 (vulnerable)
According to Teltonika’s own security center, and based on the common hardware config among devices, the latest known non-vulnerable modem version is:
- RG501QEUAAR12A11M4G_04.200.04.200 (safe)
The only way to get this updated firmware though is through private channels, e.g. by contacting Teltonika through this forum (you need to to this in a separate thread since this one closes today). I haven’t seen any official update yet but it is safe to say that they are aware of the problem and are working on it. Maybe one of their representatives can leave a comment here for us to feel more comfortable, an ETA would be even better.
@Teltonika: Thanks for the support so far, if you are looking for beta testers I’m definitely interested in joining in (you know where to find me).