Vulnerabilities > CVE-2018-19878 - Use After Free vulnerability in Teltonika Rut950 Firmware R31.04.89

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

teltonika

CWE-416

NVD

Published: 2019-06-19

Updated: 2019-06-21

Summary

An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space.

Vulnerable Configurations

Part	Description	Count
OS	Teltonika Teltonika Rut950 Firmware R_31.04.89	1
Hardware	Teltonika Teltonika Rut950 -	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.triadsec.com/CVE-2018-19878.pdf
https://www.triadsec.com/