Security Advisories: 20260109

Security Advisories: 20260109

Doc No. Robustel_SA_20260109
Updated January 9th, 2026


Robustel has released a firmware security update for all RobustOS devices. This update addresses security vulnerabilities related to OpenSSH and Nginx in the RobustOS firmware.
If you are utilizing Public IP SIMs or believe that your network requires enhanced protection, we recommend downloading and installing the latest firmware update through the RCMS. Should you have any questions or need assistance, please do not hesitate to contact the Robustel Support Team.

DETAILS

This section summarizes the potential impact that this security update addresses. Descriptions use CWE™, and base scores and vectors use CVSS3.0 standards.

CVE IDs

Summary

Base Score

Vector

CVE-2025-32728
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
3.8


CVSS:3.1/AV:L/AC:L/PR:
L/UI:N/S:C/C:N/I:L/A:N
CVE-2024-33452
An issue in OpenResty lua-nginx-module v.0.10.26 and before allows a remote attacker to conduct HTTP request smuggling via a crafted HEAD request.
7.7


CVSS:3.1/AV:N/AC:H/PR:

N/UI:N/S:U/C:H/I:H/A:L

SECURITY UPDATES

The following table lists the products affected, versions affected, and the updated version that includes this security update.
To upgrade the device firmware,
  1. you can either remotely deploy the corresponding firmware version to the device directly through RCMS.
  2. or download the firmware from the Robustel knowledge base to perform a local upgrade.

CVE IDs Addressed

Product Name

Affected Versions

Updated Version

CVE-2025-32728
All RobustOS Devices
V3.x and V5.x
V5.5.0
CVE-2024-33452
All RobustOS Devices
V5.x
V5.5.0

Mitigation

Upgrade to version V5.5.0

Remark:

  1. For R2110 / R5020 / R5020Lite with v5.x:  Upgrade to V5.2.2 or higher before upgrading to V5.5.0.
  2. For other models with V5.x: Upgrade to V5.5.0 directly
  3. For all model with legacy v3.x: Please contect Technical Support for assistance.

Initial Publication Date

January 9th, 2026

REVISION HISTORY

Revision

Date

Description

1.0

January 9th, 2026

Initial release

SUPPORT

For any inquiries regarding this security bulletin, please reach out to the Robustel Support Team.

    • Related Articles

    • Security Advisories: 20241220

      Doc No. Robustel_SA_20241220 Updated December 20th, 2024 Robustel has released a firmware security update for all RobustOS devices. This update addresses an OpenSSH and OpenSSL security issue in the RobustOS firmware. If you are utilizing Public IP ...

    • Security Advisories: 20250530

      Doc No. Robustel_SA_20250530 Updated May 30th, 2025 Robustel has released a firmware security update for all RobustOS and RobustOS Pro devices. This update addresses a Linux kernel security issue in the RobustOS and RobustOS Pro firmware. If you are ...

    • Security Advisories: 20220810

      Doc No. Robustel_SA_20220810 Updated August 10th, 2022 Robustel has released a firmware security update for all RobustOS devices. This update addresses security issues in the RobustOS firmware that may lead to arbitrary command execution and ...