Teltonika’s Remote Management System version 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature", which is enabled by default, an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS).
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 07:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.0 |
31 May 2023, 20:19
Type | Values Removed | Values Added |
---|---|---|
First Time | Teltonika remote Management System, Teltonika | |
CPE | cpe:2.3:a:teltonika:remote_management_system:4.14.0:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 9.8 |
References | (MISC) https://www.cisa.gov/news-events/ics-advisories/icsa-23-131-08 - Third Party Advisory, US Government Resource |
Information
Published : 2023-05-22 16:15
Updated : 2024-11-21 07:58
NVD link : CVE-2023-2586
Mitre link : CVE-2023-2586
CVE.ORG link : CVE-2023-2586
Products Affected
teltonika
- remote_management_system
CWE
CWE-287
Improper Authentication